Bugtraq mailing list archives
Re: Remote DoS attack in Real Networks Real Server (Strike #2)Vulnerability
From: long () KESTREL CC UKANS EDU (Jeff Long)
Date: Fri, 2 Jun 2000 11:00:02 -0500
Ussr Labs wrote:
Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability
Real Networks Real Server 7 Windows NT/2000
Real Networks Real Server 7.01 Windows NT/2000
The Ussr Labs team has recently discovered a memory problem in the RealServer 7 Server (patched and non-patched). What happens is, by performing an attack sending specially-malformed information to the RealServer HTTP Port (default is 8080), the process containing the services will stop responding.

The Exploit: It will take down the RealServer, causing it to stop all streaming media broadcasts, making it non-functional (until reboot).

Example: With the RealServer server running on 'Port' (default being 8080) the syntax to do the D.O.S. attack is:

http://ServerIp:Port/viewsource/template.html?

And Real Server will Stop Responding.

Apparently Real Server 7.02 fixes this problem (at least on NT Server 4.0 SP6a). I was able to verify this exploit on 7.01, but after upgrading to 7.02 this no longer occurs. Note that for the upgrade to be effective you must reboot NT for it to work, otherwise it will still hang.

Jeff Long