[SA12766] RealNetworks Helix Universal Server Denial of Service Vulnerability
From: Secunia Security Advisories (sec-adv secunia.com)
Date: Fri Oct 08 2004 - 08:06:00 CDT
TITLE:
RealNetworks Helix Universal Server Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA12766
VERIFY ADVISORY:
http://secunia.com/advisories/12766/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
Helix Universal Mobile Server 10.x
http://secunia.com/product/2818/
Helix Universal Server 9.x
http://secunia.com/product/905/
DESCRIPTION:
A vulnerability has been reported in Helix Universal Server, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is caused by insufficient validation of HTTP
requests. This can be exploited to cause a vulnerable server to
consume a large amount of memory and CPU resources by sending a
specially crafted POST request with the "Content-Length" header set
to -1.
The vulnerability has been reported in:
* Helix Universal Mobile Server & Gateway, versions 10.3.1.716 and
prior.
* Helix Universal Server, version 9.0.4.958 and prior.
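Added example (not from the Secunia advisory or from RealNetworks code): a strict parser for the "Content-Length" value described above, shown beside a lenient signed parse for contrast. The lenient pattern is an assumed illustration of how -1 can turn into a huge size, not the confirmed Helix root cause; the function names and the 8 MiB limit are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY_BYTES (8u * 1024u * 1024u) /* assumed policy limit, not a Helix setting */
enum cl_status { CL_OK = 0, CL_MALFORMED = -1, CL_TOO_LARGE = -2 };

/* Lenient pattern (assumed, for contrast): a signed parse cast to an
 * unsigned size turns "-1" into SIZE_MAX. */
size_t naive_content_length(const char *value) { return (size_t)atol(value); }

/* Strict parse: digits only, optional surrounding blanks, no sign,
 * overflow-checked, capped at MAX_BODY_BYTES. *out is written only on CL_OK. */
enum cl_status parse_content_length(const char *value, uint64_t *out)
{
    const char *p = value;
    uint64_t n = 0;
    int digits = 0;

    if (value == NULL || out == NULL)
        return CL_MALFORMED;
    while (*p == ' ' || *p == '\t')
        p++;
    for (; *p >= '0' && *p <= '9'; p++, digits++) {
        unsigned d = (unsigned)(*p - '0');
        if (n > (UINT64_MAX - d) / 10)
            return CL_TOO_LARGE; /* next digit would overflow uint64_t */
        n = n * 10 + d;
    }
    while (*p == ' ' || *p == '\t')
        p++;
    if (digits == 0 || *p != '\0')
        return CL_MALFORMED; /* empty, signed ("-1", "+5") or trailing junk */
    if (n > MAX_BODY_BYTES)
        return CL_TOO_LARGE;
    *out = n;
    return CL_OK;
}

int main(void)
{
    const char *samples[] = { "-1", "0", "1024", "12abc", "8388609" }; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t n = 0;
        printf("%-10s -> status %d\n", samples[i], (int)parse_content_length(samples[i], &n));
    }
    return 0;
}
```

A request whose header fails this check should be rejected (for example with a 400 response) before any body buffer is sized or read.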
SOLUTION:
Apply updates.
-- Helix Universal Server 9.04 (9.0.4.960) --
Linux:
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Linux+version+2.4.18&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server
Sun Solaris 2.8:
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Sun+Solaris+2.8&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server
Windows:
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Windows+NT+4.0+%26+2000&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server
-- Helix Mobile Universal Server and Gateway 10.04.1226 --
http://service.real.com/pam/
PROVIDED AND/OR DISCOVERED BY:
Discovered by an anonymous person and reported via iDEFENSE.
ORIGINAL ADVISORY:
Real Networks:
http://service.real.com/help/faq/security/security100704.html
iDEFENSE:
http://www.idefense.com/application/poi/display?id=151&type=vulnerabilities
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------