Potential Server/Proxy Exploit Vulnerability - Update

Updated February 26, 2004

Note: This vulnerability was first announced on January 12th, 2004 (http://service.real.com/help/faq/security/040112_dos/). Revised information and an updated solution is now available.

Helix Universal Server/Proxy 9 contains a potential root exploit when certain types of HTTP POST messages are sent to the server's Administration System port. Helix Mobile Server and Gateway 10 is vulnerable to a similar type of attack. By utilizing this exploit, an attacker could potentially gain inappropriate access to the system on which the server/proxy is running. Note that RealNetworks knows of no systems which have been compromised due to this vulnerability.

Note also that this vulnerability requires administrator login access to the server/proxy Administration system. If administrator access is properly controlled, the risk of the vulnerability is negligible.

Impacted Products and Versions:

* Helix Universal Mobile Server & Gateway 10, versions and prior
* Helix Universal Server & Gateway 9, version and prior

RealSystem Server and Proxy versions 8.x and earlier are not impacted by this vulnerability.


Helix Universal Server & Gateway 9

On the following platforms the vulnerability is closed by installing an updated version of the Helix Universal Server or Gateway.

On the following platforms The vulnerability is closed by replacement of the RealNetworks Administration System plug-in in the /Plugins directory (See instructions on replacing the plug-ins below).

Compaq - adminfs.so.9.0
HP - adminfs.so.9.0
FreeBSD - adminfs.so.9.0
IBM - adminfs.so.9.0o

Helix Universal Mobile Server & Gateway 10

The vulnerability is closed by replacement of the RealNetworks Administration System plug-in in the /Plugins directory.

Solaris 2.8 - adminfs.so
Linux - adminfs.so

To replace the Administration System plug-in, click on a file above to download an updated version. After downloading the appropriate file, replace the current admin plug-in in the /Plugins folder and restart the server or proxy.

Additional Tips

* Utilize the server/proxy Access Control feature to limit access to the admin system.
* Use Admin passwords that are not easy to guess.


RealNetworks thanks Matt Moore from Pentest Limited (http://www.pentest.co.uk/) for reporting this vulnerability.


While RealNetworks endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.