[Dailydave] manioc (a type of root)
From: Dave Aitel (dave immunitysec.com)
Date: Wed Jan 14 2004 - 15:45:14 CST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________
http://www.service.real.com/help/faq/security/040112_dos/
Issued January 12, 2004
Helix Universal Server/Proxy 9 contains a potential denial-of-service
exploit when certain types of HTTP POST messages are sent to the
server's Administration System port. Helix Mobile Server 10 is
vulnerable to a similar type of attack. Note that these attacks
require administrator login access to the server.
*Acknowledgment:*
RealNetworks thanks Matt Moore from Pentest Limited
<http://www.pentest.co.uk> for reporting this vulnerability
_______________
Ok, so in the spirit of free love, I post this free bit of
information: There are 2 (other) ways to crash HelixServer without
Administrative access. One is recoverable, one is not. :>
Later today I'll release an SSL SPIKE script as well, which does fun
things to F5 load balancers, among other things. Crashing things is
generally for the lame and mentally hobbled, but sometimes these
things merit further study!
- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFABbhqzOrqAtg8JS8RArqDAKDFuEUZkvOTXzMoUN190W4W/tPiRQCg938n
AymLr8ETigycrxUs8zBnq1c=
=9NxK
-----END PGP SIGNATURE-----