Helix Servers View Source Plug-in RTSP Parser Overflow

critical Nessus Plugin ID 11642

Synopsis

The remote media streaming server is susceptible to buffer overflow attacks.

Description

The remote host is running RealServer or Helix Universal Server, media streaming servers.

According to its banner, the version of the server installed on the remote host may be affected by two buffer overflow vulnerabilities: one when handling URLs with many '/' characters and another when handling unspecified RTSP methods. Using a specially crafted request, an attacker may be able to leverage either of these issues to execute arbitrary code with the privileges of the user under which the server operates, generally root or Administrator.

Solution

Install the Helix Universal Server 9.01 Security Update or later.

See Also

http://www.nessus.org/u?c7b272fb

http://www.nessus.org/u?d552d421

http://www.nessus.org/u?12fa2abc

http://www.nessus.org/u?296d4dc9

Plugin Details

Severity: Critical

ID: 11642

File Name: helix_overflow.nasl

Version: 1.21

Type: remote

Published: 5/21/2003

Updated: 8/22/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/22/2003

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2003-0725

BID: 8476