Potential Server/Proxy Denial-of-Service Vulnerability
Issued January 12, 2004
Helix Universal Server/Proxy 9 contains a potential denial-of-service exploit when certain types of HTTP POST messages are sent to the server's Administration System port. Helix Mobile Server 10 is vulnerable to a similar type of attack. Note that these attacks require administrator login access to the server.
Impacted Products and Versions:
Helix Universal Mobile Server & Gateway 10, versions 10.1.1.120 and prior
Helix Universal Server & Gateway 9, version 126.96.36.1991 and prior
RealSystem Server and Proxy versions 8.x and earlier are not impacted by this vulnerability.
The vulnerability is closed by replacement of the RealNetworks Administration System plug-in in the /Plugins directory.
Helix Universal Server and Proxy (9.0.x)
Windows admi3260.dll Solaris 2.8 adminfs.so Solaris 2.7 adminfs.so Linux adminfs.so IBM/AIX adminfs.so HP UX adminfs.so CompaqTru64 adminfs.so FreeBSD adminfs.so
Helix Universal Mobile Server and Proxy (10.0.x)
Solaris 2.8 adminfs.so Linux adminfs.so
To replace the Administration System plug-in, click on a file above to download an updated version. After downloading the appropriate file, replace the current admin plug-in in the /Plugins folder and restart the server or proxy.
RealNetworks thanks Matt Moore from Pentest Limited for reporting this vulnerability.
While RealNetworks endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.