Updated February 19, 2002
A vulnerability affecting RealSystem Server and RealSystem Proxy came to the attention of RealNetworks on February 14, 2002. This vulnerability involves a buffer overflow condition seen in URL error handling.
Affected Software:
All versions of RealSystem Server 6.x, 7.x and 8.x
RealSystem Proxy 8.x
Solution:
Although RealNetworks has not received reports of any deployed RealSystem Server or RealSystem Proxy being exploited by this vulnerability, we have made a security update available to all current RealSystem Server and RealSystem Proxy customers.
If you are a current 8 customer, simply download an updated RealSystem Server or RealSystem Proxy. Choose from our current list of operating systems below. Use your current license key to install the updated package, which applies the fix for this exploit.
If you are a 6.x or 7.x customer, please contact Customer Service at the following number: 888-768-3248.
All actively supported RealSystem Server platforms will be made available. That list is:
- Linux 2.0-libc6
- Solaris 2.7
- Solaris 2.8
- Windows NT 4.0 SP3+
- Windows 2000 Workstation/Server
- FreeBSD 3.0
- IBM AIX 4.3
- HP-UX
- Compaq Tru64 v5.1
All actively supported RealSystem Proxy platforms will be made available. That list is:
Acknowledgement:
This vulnerability was found by Tim Austwick from the QinetiQ Security Health Check Team.
Warranty:
While RealNetworks endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.