Frequently Asked Questions
Updated October 17th, 2000
On the afternoon of October 17th, it was brought to our attention that there exists a means by which the contents of a 6.x or 7.x RealServer's memory could be made available to unauthorized users. We have found and fixed the problem. Browsing in a RealServer directory could cause the Server to send a random part of its memory space to the browser via HTTP. These memory chunks could contain information about previous media or admin system requests, posing a potential security vulnerability.
All versions of RealServer 6.x and 7.x
We have not yet received reports of anyone actually being attacked with this exploit. Nonetheless, we have made an updated RealServer available below.
If you are running RealServer 7 version 22.214.171.1240 or earlier, simply download an updated 7.0 server from the list below. (You can check the version number of your RealServer by choosing "About" in your RealSystem Administrator.) Use your current license key to install the updated package, which applies the fix for this exploit:
- Solaris 2.6
- Solaris 2.7
- Solaris 2.8
- Windows NT/2000
- SGI Irix 6.2
- SGI Irix 6.5
- SCO Unixware 7.0.0
- SCO Unixware 7.1.0
- SCO Unixware 7.1.1
- FreeBSD 3.0
If you are currently running RealServer 6.0 or earlier, please contact our Customer Service group at firstname.lastname@example.org or (206) 674-2651 for further upgrade information.
This vulnerability was found by Gerardo Richarte and Claudio Castiglia from Core SDI S.A.
While RealNetworks endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.