On November 4, 1999, a RealServer G2 security exploit, affecting the Microsoft Windows NT version of the RealServer G2 6.0 (v184.108.40.2064), was brought to the attention of RealNetworks. The specific exploit involves a buffer overflow while accessing the RealSystem Administrator port.
By sending a long user name and password pair it is possible to overflow the buffer and execute arbitrary code on the RealServer. RealNetworks has verified this specific exploit. Additional information about the conditions enabling this exploit are below:
Information about the conditions enabling this exploit:
- This specific exploit only affects customers running the 220.127.116.114
version of RealServer G2 6.0 for Microsoft Windows NT. Customers running UNIX versions of RealServer
are not susceptible to this exact attack.
- The exploit only works on the admin port of the server, which is randomly chosen at install. By default, this makes the port unique for each RealServer.
- The published exploit only works if the RealServer is installed in the default server directory. Users have an option to install in a different directory and often do. If the user installed the RealServer in a different directory then the exploit does not work.
Actions to eliminate the risk of the exploit:
Customers running RealServer G2 6.0 on Microsoft Windows NT can prevent this specific attack by using an access control rule to prevent connections from unknown computers to their RealSystem Administrator port. The access control feature lets you associate certain client addresses with permissions to connect to certain RealServer ports. When this feature is used the exploit is no longer possible.
For more information on the access control feature see, "Chapter 10: Limiting Access to RealServer," in the RealServer Administration Guide.
In addition to this, RealNetworks has made patches available for all RealServer G2 6.0 (v18.104.22.1684) platforms to prevent this exploit.
To install this patch:
- Download the update corresponding to your RealServer platform
- Shut down RealServer
- Copy the file from the temporary location to the RealServer\Plugins directory
- Choose to overwrite existing file
- Restart RealServer