Bugtraq mailing list archives
Re: Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability
From: christopher () SCHULTE ORG (Christopher Schulte)
Date: Fri, 2 Jun 2000 11:31:34 -0500
This same DoS appears to work on the new realserver 8 BETA: Platform sunos-5.7-sparc Release RealServer 8 Build Version 6.1.3.1058 I'd be safe in guessing all other platforms are affected as well. -- Christopher Schulte http://www.schulte.org/
Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability USSR Advisory Code: USSR-2000043 Release Date: June 1, 2000 Systems Affected: Real Networks Real Server 7 Linuxc6 Real Networks Real Server 7 Solaris 2.6 Real Networks Real Server 7 Solaris 2.7 Real Networks Real Server 7 Solaris 2.8 Real Networks Real Server 7 Windows NT/2000 Real Networks Real Server 7 SGI Irix 6.2 Real Networks Real Server 7 SGI Irix 6.5 Real Networks Real Server 7 SCO Unixware 7.xx Real Networks Real Server 7 FreeBSD 3.0 Real Networks Real Server 7.01 Linuxc6 Real Networks Real Server 7.01 Solaris 2.6 Real Networks Real Server 7.01 Solaris 2.7 Real Networks Real Server 7.01 Solaris 2.8 Real Networks Real Server 7.01 Windows NT/2000 Real Networks Real Server 7.01 SGI Irix 6.2 Real Networks Real Server 7.01 SGI Irix 6.5 Real Networks Real Server 7.01 SCO Unixware 7.xx Real Networks Real Server 7.01 FreeBSD 3.0 Real Networks Real Server G2 1.0 THE PROBLEM The Ussr Labs team has recently discovered a memory problem in the RealServer 7 Server (patched and non-patched). What happens is, by performing an attack sending specially-malformed information to the RealServer HTTP Port(default is 8080), the process containing the services will stop responding. The Exploit: It will take down the RealServer causing it to stop all streaming media brodcasts, making it non-functional, (untill Reboot) Example: With the RealServer server running on 'Port' (default being 8080) the syntax to do the D.O.S. attack is: http://ServerIp:Port/viewsource/template.html? And Real Server will Stop Responding. Example: With the RealServer server running on 'Port' (default being 8080) the syntax to do the D.O.S. attack is: http://ServerIp:Port/viewsource/template.html? And Real Server will Stop Responding. SPECIAL NOTE: That we take no responsibility for this Example it is for educational purposes only,Dont test against British Broadcasting Corporation 1999 Radio Exaple 2: Radio: British Broadcasting Corporation 1999 (default in RealPlayer 8) Radio Url: http://playlist.broadcast.com/makeplaylist.asp?id=7708&encad=2F6164732 F617564696F686967687761792F617564696F68696768776179325F3238 RealServer http running on port 80 RealServer http ip: 206.190.42.7 Valid Url for Clip Source: http://206.190.42.7/viewsource/template.html?nuyhtgs0pdz6iqm557a6i9bgj 054ngdnbfzgro7zxfAjq357lnwEC6ne8s5ge5hi4ejqC1t6x1amngaAmkyf59v6zgjqC1t 6x1amngoAmkyf1AvuEfhe640hBh60EeADAo2097qglh Malformed Url for Clip Source: http://206.190.42.7/viewsource/template.html? Vendor Status: Yes! Informed! I sent them more than 4 emails and each time I received JUNK mails in reply, my Incident ID number for this request is 19163930. Vendor Url: http://www.real.com Program Url: http://www.realnetworks.com/products/basicserverplus/index.html?src=ho me Download Url: http://proforma.real.com/rn/servers/eval/index.html?src=home,srvpl_020 400,srvntra Related Links: Underground Security Systems Research http://www.ussrback.com Greetings: Eeye, Attrition, w00w00, beavuh, Rhino9, SecurityFocus.com, ADM, HNN, Sub, prizm, b0f,Technotronic and Rfp. Copyright (c) 1999-2000 Underground Security Systems Research. Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of Ussr. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please e-mail labs () ussrback com for permission. Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. Feedback: Please send suggestions, updates, and comments to: Underground Security Systems Research mail:labs () ussrback com http://www.ussrback.com
Current thread:
- Re: Remote DoS attack in Real Networks Real Server (Strike #2) vulnerability, (continued)
- Re: Remote DoS attack in Real Networks Real Server (Strike #2) vulnerability Christopher Schulte (Jun 02)
- bind running as root in Mandrake 7.0 Nicolas MONNET (Jun 03)
- Re: bind running as root in Mandrake 7.0 Brock Sides (Jun 03)
- Re: bind running as root in Mandrake 7.0 White Vampire (Jun 03)
- Re: bind running as root in Mandrake 7.0 Andrew L . Davis (Jun 04)
- Re: bind running as root in Mandrake 7.0 Elias Levy (Jun 08)
- Circumventing Outlook Security Update File Download Security With IFRAMEs cassius () HUSHMAIL COM (Jun 09)
- Re: bind running as root in Mandrake 7.0 Nathan Neulinger (Jun 11)
- Remote DoS for Mercur 3.2 |[TDP]| (Jun 13)
- Vulnerability in Solaris ufsrestore Job de Haas (Jun 14)
- Re: Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability Christopher Schulte (Jun 02)