|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: RealServer exposes internal IP addresses
From: Jay C Austad (JCA
BIGCHARTS.COM)Date: Mon Mar 13 2000 - 16:26:21 CST
- Next message: David LeBlanc: "Re: Network File Resource Vulnerability"
- Previous message: Brian Knotts: "Re: [ Hackerslab bug_paper ] Linux printtool get printer passwor"
- Maybe in reply to: tschweikleFIDUCIA.DE: "RealServer exposes internal IP addresses"
- Maybe reply: Jay C Austad: "Re: RealServer exposes internal IP addresses"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This is still not fixed in 7.0. It's not only a security risk, it also causes people who have their realservers behind firewalls to write their own version of the realserver ramgen function.
-----Original Message-----
From: Doug Monroe [mailto:monwelINTERHACK.NET]
Sent: Thursday, March 09, 2000 10:19 AM
To: BUGTRAQSECURITYFOCUS.COM
Subject: Re: RealServer exposes internal IP addresses
tschweikleFIDUCIA.DE wrote:
>RealServer exposes internal IP addresses if requested to
>deliver real media files:
>62.158.114.150 -> 192.168.13.33 HTTP
> GET /ramgen/extern/genoverb/weinkauf.rm HTTP/1.0
>192.168.13.33 -> 62.158.114.150 HTTP
> (proxy) R port=1210
>192.168.13.33 -> 62.158.114.150 HTTP
> HTTP/1.0 200 OK
>192.168.13.33 -> 62.158.114.150 HTTP
> rtsp://192.168.13.33:554/extern/genoverb/weinkauf.rm
>The Server is located inside a DMZ. Network-Address
>translation is in effect from internet as is from campus.
>In my opinion this may be usedfull for an intruder, and
>RealNetworks should fix this. I've informed them about
>6 weeks ago, calling them again four weeks later, then
>14 days ago, but no reaction on there side until now.
FWIW - some time ago (Sept.99) I addressed this issue with Real. I sent them
a similar bit of info:
>$ GET http://realg2.example.com:8080/ramgen/foo.rm
>reveals-
>rtsp://192.168.11.12:554/foo.rm
>--stop--
>pnm://192.168.11.12:7070/foo.rm
>server info:
>WinNT Version 6.0.3.303
I got this reply:
>> 1. Add the following line to the end of your rmserver.cfg:
>> <Var HostName="IP-or-HostName"/>
>> 2. In the URL add the text "?usehostname"
>> so that your URL will look like:
>> http://demos.real.com:8080/ramgen/g2video.rm?usehostname
>> The variable <Var HostName="IP-or-HostName"/> is only supported in
>> the RealServer 6.1 Beta version.
I don't have any idea what version they're up to currently or if any of
this indeed works...
I lost interest myself.
-- Doug Monroe
- Next message: David LeBlanc: "Re: Network File Resource Vulnerability"
- Previous message: Brian Knotts: "Re: [ Hackerslab bug_paper ] Linux printtool get printer passwor"
- Maybe in reply to: tschweikleFIDUCIA.DE: "RealServer exposes internal IP addresses"
- Maybe reply: Jay C Austad: "Re: RealServer exposes internal IP addresses"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]