RealNetworks Helix Universal Server HTTP GET buffer overflow

helix-http-get-bo (10917) The risk level is classified as HighHigh Risk

Description:

RealNetworks' Helix Universal Server is vulnerable to a buffer overflow, caused by improper handling of simultaneous HTTP requests. By sending two simultaneous overly long HTTP GET requests, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.

Platforms Affected:

  • Real, Helix Universal Server 9.0

Remedy:

Upgrade to the latest version of Helix Universal Server (9.01 or later), available from the RealNetworks Support Web site. See References.

Consequences:

Gain Access

References:

  • NGSSoftware Insight Security Research Advisory #NISR20122002, Multiple Buffer overruns RealNetworks Helix Universal Server 9.0 at http://www.nextgenss.com/advisories/realhelix.txt.
  • RealNetworks Support Web site, Potential Buffer Overrun Vulnerabilities in Helix Universal Server 8.01 at http://www.service.real.com/help/faq/security/bufferoverrun030303.html.
  • RealNetworks Support Web site, Potential Buffer Overrun Vulnerabilities in Helix Universal Server 9.0 at http://www.service.real.com/help/faq/security/bufferoverrun12192002.html.
  • BID-6454: RealNetworks Helix Universal Server RTSP Transport Buffer Overflow Vulnerability
  • BID-6456: RealNetworks Helix Universal Server RTSP Describe Buffer Overflow Vulnerability
  • BID-6458: RealNetworks Helix Universal Server Long URI Dual HTTP Request Buffer Overflow Vulnerability
  • BID-7020: Real Networks Helix Universal Server/RealServer RTSP URI Handling Buffer Overflow Vulnerabilities
  • CVE-2002-1643: Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RSTP request, (2) a DESCRIBE RSTP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments.
  • US-CERT VU#974689: RealNetworks Helix Universal Server vulnerable to buffer overflow when sent two simultaneous HTTP requests containing a long string of characters

Reported:

Dec 20, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page