Helix Servers View Source Plug-in RTSP Parser Overflow
Critical Nessus Plugin ID 11642
Synopsis: The remote media streaming server is susceptible to buffer overflow attacks.
Description: The remote host is running RealServer or Helix Universal Server, media streaming servers.
According to its banner, the version of the server installed on the remote host may be affected by a buffer overflow vulnerability when handling URLs with many '/' characters and another when handling unspecified RTSP methods. Using a specially crafted request, an attacker may be able to leverage either of these issues to execute arbitrary code subject to the privileges of the user under which the server operates, generally root or Administrator.
Solution: Install the Helix Universal Server 9.01 Security Update or later.