Bugtraq mailing list archives
RealServer exposes internal IP addresses
From: tschweikle () FIDUCIA DE (tschweikle () FIDUCIA DE)
Date: Wed, 8 Mar 2000 12:41:33 +0100
RealServer exposes internal IP addresses if requested to deliver real media files:

62.158.114.150 -> 192.168.13.33 HTTP GET /ramgen/extern/genoverb/weinkauf.rm HTTP/1.0
192.168.13.33 -> 62.158.114.150 HTTP (proxy) R port=1210
192.168.13.33 -> 62.158.114.150 HTTP HTTP/1.0 200 OK
192.168.13.33 -> 62.158.114.150 HTTP rtsp://192.168.13.33:554/extern/genoverb/weinkauf.rm

The server is located inside a DMZ. Network address translation is in effect from the internet as it is from campus.

In my opinion this may be useful for an intruder, and RealNetworks should fix this. I informed them about 6 weeks ago, calling them again four weeks later, then 14 days ago, but no reaction on their side until now.

--
Thomas
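A check for the leak shown in the trace above, as an added example that is not part of the original post: it scans a captured server response for stream URLs whose host is a literal non-public IP address. The function name, the list of URL schemes and the sample responses are assumptions constructed for illustration; only the leaked rtsp:// URL and the two addresses are taken from the trace.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Schemes to look for in a response (assumption: rtsp, pnm and http(s) links).
URL_RE = re.compile(r"\b(?:rtsp|pnm|https?)://[^\s\"'<>]+", re.IGNORECASE)


def leaked_internal_urls(response_text):
    """Return (url, address) pairs whose host is a literal non-public IP."""
    leaks = []
    for match in URL_RE.findall(response_text):
        url = match.rstrip(".,;)")          # drop trailing prose punctuation
        try:
            host = urlsplit(url).hostname    # works for any scheme://host form
            addr = ipaddress.ip_address(host or "")
        except ValueError:
            continue                         # DNS name or malformed host: skip
        if addr.is_private or addr.is_loopback or addr.is_link_local:
            leaks.append((url, str(addr)))
    return leaks


# Constructed sample: the reply from the trace, as seen from outside the NAT.
SAMPLE_LEAKY = (
    "HTTP/1.0 200 OK\r\n\r\n"
    "rtsp://192.168.13.33:554/extern/genoverb/weinkauf.rm\r\n"
)
# Constructed samples that should not be flagged: a DNS name (hypothetical
# host media.example.org) and a public address.
SAMPLE_NAME = (
    "HTTP/1.0 200 OK\r\n\r\n"
    "rtsp://media.example.org:554/extern/genoverb/weinkauf.rm\r\n"
)
SAMPLE_PUBLIC = (
    "HTTP/1.0 200 OK\r\n\r\n"
    "rtsp://62.158.114.150:554/extern/genoverb/weinkauf.rm\r\n"
)

if __name__ == "__main__":
    for name, text in [("leaky", SAMPLE_LEAKY), ("name", SAMPLE_NAME),
                       ("public", SAMPLE_PUBLIC)]:
        print(name, leaked_internal_urls(text))
```

Run against responses captured on the outside of the address translation, any hit means the server is handing clients an address that only exists behind the NAT.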