
Helix Server < 11.1.4 RTSP Command Multiple Requires Overflow

High

Synopsis

The remote RTSP server is prone to a buffer overflow.

Description

The remote host is running Helix Server or Helix DNA Server, a media streaming server. The version of Helix Server installed on the remote host reportedly contains a heap overflow that is triggered by an RTSP command with multiple 'Require' headers. An unauthenticated remote attacker can leverage this flaw to execute arbitrary code with the privileges under which the server runs, by default LOCAL SYSTEM on Windows.
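A detection heuristic for the condition described above, as an added example that is not part of the original advisory or of any vendor code: it counts 'Require' header lines in a captured RTSP request and flags more than one. The sample requests, the host name and the threshold of one are constructed assumptions, and a repeated header is an indicator to investigate, not proof of an exploit attempt.

```python
import re

# RTSP request line: METHOD SP URI SP RTSP/x.y
REQUEST_LINE = re.compile(rb"^[A-Z_]+ \S+ RTSP/\d\.\d$")


def count_require_headers(raw: bytes) -> int:
    """Count 'Require' header lines in one RTSP request; -1 if not RTSP."""
    head = raw.split(b"\r\n\r\n", 1)[0]          # ignore any message body
    lines = head.split(b"\r\n")
    if not REQUEST_LINE.match(lines[0]):
        return -1
    count = 0
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):            # folded continuation line
            continue
        name, sep, _ = line.partition(b":")
        if sep and name.strip().lower() == b"require":  # names are case-insensitive
            count += 1
    return count


def is_suspicious(raw: bytes, max_require: int = 1) -> bool:
    """Flag requests carrying more 'Require' lines than the assumed threshold."""
    return count_require_headers(raw) > max_require


def _msg(*lines: bytes) -> bytes:
    return b"\r\n".join(lines) + b"\r\n\r\n"


# Constructed sample traffic (not captured from a real server or client).
NORMAL = _msg(
    b"SETUP rtsp://media.example.com/stream RTSP/1.0",
    b"CSeq: 2",
    b"Require: implicit-play",
    b"Transport: RTP/AVP;unicast;client_port=4588-4589",
)
REPEATED = _msg(
    b"SETUP rtsp://media.example.com/stream RTSP/1.0",
    b"CSeq: 3",
    b"Require: implicit-play",
    b"require: com.example.feature-a",
    b"REQUIRE: com.example.feature-b",
)
NOT_RTSP = _msg(b"GET / HTTP/1.1", b"Host: media.example.com")

if __name__ == "__main__":
    for label, pkt in (("normal", NORMAL), ("repeated", REPEATED), ("http", NOT_RTSP)):
        print(label, count_require_headers(pkt), is_suspicious(pkt))
```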

Solution

Upgrade to Helix Server / Helix DNA Server version 11.1.4 or higher.