Frequently Asked Questions
Updated: June 2, 2000
Denial of Service Attack in URL parsing for View Source in RealServer 7.0x.
On the afternoon of June 1, 2000, a BugTraq/USSR Advisory notice was released announcing that a Denial of Service attack had been found against RealServer 7.0x. We have found and fixed the problem.
This particular exploit utilizes a bug in the URL parsing for the View Source feature. View Source allows source content and media file information on enabled RealServers to be displayed in a Web browser. The Server's auto-restart feature will successfully determine that a problem has occurred and will restart the Server in approximately 120 seconds.
Affected Software:
All versions of RealServer 7.
Workaround:
By taking any of the following pre-emptive steps, RealServer will no longer be susceptible:
- You can "turn off" View Source via the Admin System by taking the following steps:
a) In RealSystem Administrator, click View Source, then click Source Access
b) In the Master Settings area, select "Disable View Source"
Or manually add the following View Source section to your configuration file:
<!-- V I E W S O U R C E -->
<List Name="ViewSourceConfiguration">
<Var ViewSourceLongName="View Source Tag FileSystem"/>
<Var AllowViewSource="0"/>
</List>
NOTE: Using the Admin System will NOT require a restart of RealServer for the new setting to take effect.
- Remove vsrcplin.so.6.0 or vsrc3260.dll from the Plugins directory of the Server to disable View Source.
- Remove <Var Path_4="/viewsource"/> from the HTTPDeliverable section of the config file to disable View Source.
The steps above have no effect on the Server's ability to stream all existing on-demand and live content.
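To confirm that one of the workarounds above is actually in place, the following added example (not RealNetworks code) checks a configuration file's text and a Plugins directory listing against the three conditions. The sample config and file listing are constructed; the `<List Name="HTTPDeliverable">` form and treating a missing `AllowViewSource` setting as "not disabled" are assumptions.

```python
import re

# Plugin file names given in the advisory (compared case-insensitively).
PLUGIN_NAMES = {"vsrcplin.so.6.0", "vsrc3260.dll"}

def _active(config_text):
    """Drop <!-- ... --> comments so commented-out settings are not counted."""
    return re.sub(r"<!--.*?-->", "", config_text, flags=re.S)

def view_source_workarounds(config_text, plugin_files):
    """Return which of the advisory's three workarounds are in place."""
    cfg = _active(config_text)
    # Workaround 1: AllowViewSource="0" inside the ViewSourceConfiguration list.
    section = re.search(
        r'<List\s+Name="ViewSourceConfiguration"\s*>(.*?)</List>', cfg, re.S)
    allow = section and re.search(
        r'<Var\s+AllowViewSource="([^"]*)"\s*/>', section.group(1))
    # Workaround 3: no <Var Path_N="/viewsource"/> entry left in the config.
    path_left = re.search(r'<Var\s+Path_\d+="/viewsource"\s*/>', cfg)
    return {
        "disabled_in_config": bool(allow and allow.group(1) == "0"),
        # Workaround 2: neither View Source plugin file is present.
        "plugin_removed": not (PLUGIN_NAMES & {f.lower() for f in plugin_files}),
        "http_path_removed": path_left is None,
    }

def is_mitigated(config_text, plugin_files):
    """Any one workaround is enough, per the advisory."""
    return any(view_source_workarounds(config_text, plugin_files).values())

# Constructed sample: config before any workaround (list form is an assumption)
# and a Plugins directory listing (second file name is made up).
SAMPLE_CONFIG = """
<List Name="HTTPDeliverable">
<Var Path_4="/viewsource"/>
</List>
"""
SAMPLE_PLUGINS = ["vsrcplin.so.6.0", "other-plugin.so"]

if __name__ == "__main__":
    print(view_source_workarounds(SAMPLE_CONFIG, SAMPLE_PLUGINS))
    print("mitigated:", is_mitigated(SAMPLE_CONFIG, SAMPLE_PLUGINS))
```

Pass the real config file's contents and the names returned by listing the Server's Plugins directory in place of the samples.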
We have not yet received reports of anyone actually being attacked with this exploit. For those customers who want to continue using the View Source feature, we have made an updated RealServer available below.
- Linuxc6
- Solaris 2.6
- Solaris 2.7
- Solaris 2.8
- Windows NT/2000
- SGI Irix 6.2
- SGI Irix 6.5
- SCO Unixware 7.0.1
- SCO Unixware 7.1.0
- SCO Unixware 7.1.1
- FreeBSD 3.0
NOTE: This update is only necessary if you are running RealServer 7 AND are running your Server with the View Source feature enabled.
Acknowledgments
RealNetworks would like to thank Ussr Labs for reporting this issue to us and working with us to protect customers from unauthorized access to sensitive or proprietary information.

