Frequently Asked Questions
Updated: April 20, 2000
Denial of Service.
Stack overflow in the PNA protocol handling scheme.
It was recently brought to our attention that there exists a means by which a hacker, using a malicious program over the Internet, can temporarily shut down a RealServer. The specific exploit involves a stack overflow in the PNA protocol handling scheme that ultimately causes the RealServer to discontinue serving streams until the RealServer is restarted or "rebooted" by the System Administrator.
Although we have not yet received any reported instances of actual attacks, we have addressed this issue quickly with an update to the RealServer software that would defeat such an attack.
- If you are running a 7.0 gold server (v22.214.171.1241), simply download an updated 7.01 server install package from the Basic/Basic Plus web sites or via your PAM site. Use your current license key to install the updated package which applies the fix.
- Existing RealServer 7.01 customers (v126.96.36.1993) can simply replace the existing rmserver executable with the appropriate patch from the list below.
- Solaris 2.6
- Solaris 2.7
- Solaris 2.8
- Windows NT/2000
- SGI Irix 6.2
- SGI Irix 6.5
- SCO Unixware 7.xx
- FreeBSD 3.0
- If you are currently running RealServer 6.0 or earlier, please contact our Customer Service group at firstname.lastname@example.org or (206) 674-2651 for further upgrade information.
You can check the version number of your RealServer by choosing "About" in your RealSystem Administrator or by typing 'rmserver -v' at the command line from the same directory as the rmserver executable.
While RealNetworks endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.