icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

RealNetworks Helix Server 14.x < 14.3.x Multiple Vulnerabilities

Synopsis

The remote media streaming server is affected by multiple vulnerabilities.

Description

Such versions are potentially affected by multiple vulnerabilities.

- Administrative and user credentials are insecurely stored in a flat file database. This file may be accessed by local users to disclose passwords stored in clear text. (CVE-2012-1923)

- A buffer overflow exists in the code that parses authentication credentials. It may be possible for a remote attacker to exploit this issue and execute arbitrary code. (CVE-2012-0942)

- Multiple unspecified cross-site scripting vulnerabilities. (CVE-2012-1984)

- A specially crafted malfored URL can cause the server process to crash if opened by an administrator. (CVE-2012-1985)

- Establishing and immediately closing a TCP connection on port 705 can cause the SNMP Master Agent to crash (CVE-2012-2267)

- A specially crafted Open-PDU request sent to the SNMP Master Agent can cause it to crash due to an unhandled exception. (CVE-2012-2268)

Solution

Upgrade to RealNetworks Helix Server / Helix Mobile Server 14.3.x or later.