Bugtraq mailing list archives
Remote DoS attack in RealServer: USSR-2000043
From: dcotter () REAL COM (David Cotter)
Date: Thu, 1 Jun 2000 21:11:44 -0700
This afternoon a BugTraq/USSR Advisory notice was released announcing that a Denial of Service attack was found in the RealServer 7. We have found and fixed the problem. This particular exploit utilizes a bug in the URL parsing for the ViewSource feature. View Source allows source content and media file information on enabled RealServers to be displayed in a Web browser. The server's auto-restart feature will successfully determine that a problem has occurred and will restart the server in approximately 120 seconds.

By taking either of the following steps, RealServer will no longer be susceptible:

1. You can "turn off" view source via the Admin System by taking the following steps:

   a) In RealSystem Administrator, click View Source, then click Source Access
   b) In the Master Settings area, select "Disable View Source"

   Or manually add the following view source section to your configuration file:

       <!-- V I E W S O U R C E -->
       <List Name="ViewSourceConfiguration">
         <Var ViewSourceLongName="View Source Tag FileSystem"/>
         <Var AllowViewSource="0"/>
       </List>

   NOTE: Using the Admin System will NOT require a restart of RealServer for the setting to take effect.

2. Remove vsrcplin.so.6.0 or vsrc3260.dll from the Plugins directory of the server to disable viewsource.

3. Remove <Var Path_4="/viewsource"/> from the HTTPDeliverable section of the config file to disable viewsource.

All of these steps have no effect on the server's ability to stream all existing on-demand and live content.

We have not yet received reports of anyone actually being attacked with this exploit; however, we will be making a RealServer patch available that will defeat this specific attack within the next 24 hours.

We appreciate the efforts that Underground Security Systems Research Labs (USSR Labs) went through to contact us regarding this. Unfortunately, an internal process broke down and as a consequence we failed to respond to the original notification. We have subsequently updated our processes.
------------------------------------------------------------------------
Dave Cotter
Program Manager, RealNetworks, Inc.
Ph: 1 206 674 2491
Pgr: 206-975-5640
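An added example, not part of the original message or of RealNetworks' software: a small audit script that checks a RealServer configuration file for the two config-level mitigations described above (AllowViewSource="0" in the ViewSourceConfiguration list, or no Path_N="/viewsource" entry in the HTTPDeliverable section). It assumes HTTPDeliverable is a `<List Name="HTTPDeliverable">` block like the ViewSource one, and the sample configs are constructed from the elements quoted in the message.

```python
import re

# Constructed sample RealServer 7 config fragment (not a real file). It uses
# only the elements named in the vendor message; the HTTPDeliverable list
# layout is an assumption based on the ViewSourceConfiguration list shown.
SAMPLE_VULNERABLE = """
<List Name="HTTPDeliverable">
  <Var Path_1="/ramgen"/>
  <Var Path_4="/viewsource"/>
</List>
<!-- V I E W S O U R C E -->
<List Name="ViewSourceConfiguration">
  <Var ViewSourceLongName="View Source Tag FileSystem"/>
  <Var AllowViewSource="1"/>
</List>
"""

# Mitigation step 1 applied: view source disabled in its own list.
SAMPLE_STEP1 = SAMPLE_VULNERABLE.replace('AllowViewSource="1"', 'AllowViewSource="0"')
# Mitigation step 3 applied: the /viewsource HTTP path removed.
SAMPLE_STEP3 = SAMPLE_VULNERABLE.replace('  <Var Path_4="/viewsource"/>\n', '')

LIST_RE = r'<List\s+Name="{name}"\s*>(.*?)</List>'


def _list_body(config, name):
    """Return the text inside <List Name="name">...</List>, or '' if absent."""
    m = re.search(LIST_RE.format(name=name), config, re.S | re.I)
    return m.group(1) if m else ''


def audit_viewsource(config):
    """Report whether the config-level ViewSource mitigations are in place.

    allow_view_source: AllowViewSource value, or None if the list is absent
                       (the message says to ADD the list to disable it, so
                       absence is treated as enabled).
    viewsource_paths : Path_N vars in HTTPDeliverable mapped to /viewsource.
    exposed          : True when neither step 1 nor step 3 has been applied.
    """
    vs_body = _list_body(config, 'ViewSourceConfiguration')
    m = re.search(r'AllowViewSource="([^"]*)"', vs_body)
    allow = m.group(1) if m else None
    http_body = _list_body(config, 'HTTPDeliverable')
    paths = re.findall(r'<Var\s+(Path_\d+)="/viewsource"\s*/>', http_body, re.I)
    disabled = allow == '0'
    return {'allow_view_source': allow,
            'viewsource_paths': paths,
            'exposed': (not disabled) and bool(paths)}
```

Step 2 (removing the plugin binary) is not visible in the config file, so a clean result here still requires checking the Plugins directory separately.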