rtsp

[J Edgar Hoover <zorch () totally righteous net>]

I'm getting lazy (and some say slow) in my old age, but I tripped over
something interesting and was wondering if anyone wanted to run with it.

http://docs.real.com/docs/proxykit/rtspd.pdf

Scroll down to Protocol Semantics, and look at the general syntax of the
SETUP method.

Right off it looks like the protocol will support UDP and TCP bounce
scans.

Also there's several potentially user definable fields there that have to
be parsed. I'll bet there's more than one parsing or bof exploit there.

You might find it running on a cable company proxy near you.

z