Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: Remote DoS attack in RealServer: USSR-2000043
From: David Cotter (dcotterREAL.COM)
Date: Thu Jun 01 2000 - 23:11:44 CDT
- Next message: Microsoft Product Security: "Microsoft Security Bulletin (MS00-032)"
- Previous message: Jacek Lipkowski: "ipx storm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This afternoon a BugTraq/USSR Advisory notice was released announcing that a
Denial of Service attack was found in the RealServer 7. We have found and
fixed the problem. This particular exploit utilizes a bug in the URL parsing
for the ViewSource feature. View Source allows source content and media file
information on enabled RealServers to be displayed in a Web browser. The
server's auto-restart feature will successfully determine that a problem has
occurred and will restart the server in approximately120 seconds.
By taking either of the following steps, RealServer will no longer be
1. You can "turn off" view source via the Admin System by taking the following
a) In RealSystem Administrator, click View Source, then click Source Access
b) In the Master Settings area, select "Disable View Source"
Or manually add the following view source section to your configuration file:
<!-- V I E W S O U R C E -->
<Var ViewSourceLongName="View Source Tag FileSystem"/>
NOTE: Using the Admin System will NOT require a restart of RealServer for
setting to take affect
2. Remove vsrcplin.so.6.0 or vsrc3260.dll from the Plugins directory of the
server to disable viewsource.
3. Remove <Var Path_4="/viewsource"/> from the HTTPDeliverable section of the
config file to disable viewsource.
All of these steps have no effect on the servers ability to stream all existing
on-demand and live content.
We have not yet received reports of anyone actually being attacked with this
exploit; however, we will be making a RealServer patch available that will
defeat this specific attack within the next 24 hours.
We appreciate the efforts that Underground Security Systems Research Labs (USSR
Labs) went through to contact us regarding this. Unfortunately, an internal
process broke down and as a consequence we failed to respond to the original
notification. We have subsequently updated our processes.
Program Manager, RealNetworks, Inc.
Ph: 1 206 674 2491