RealNetworks Helix Server < 13.0.0 Multiple Remote DoS
Medium Nessus Plugin ID 40350
Synopsis
The remote media streaming server is affected by multiple denial of service vulnerabilities.
Description
According to its banner, the remote host is running version 12.x of RealNetworks Helix Server / Helix Mobile Server. Such versions are reportedly affected by multiple issues:
- By sending a specially crafted 'RTSP' (SET_PARAMETERS) request with a 'DataConvertBuffer' parameter and either no 'Content-Length' header or an invalid 'Content-Length' header, an attacker may be able to crash the remote Helix server process. (CVE-2009-2533)
- By sending a 'SETUP' request without including a '/' character in it, a remote attacker may be able to crash the remote Helix server process. (CVE-2009-2534)
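Both request patterns described above can be flagged in captured or proxied RTSP traffic. The Python detector below is an added example, not part of the Nessus plugin or any RealNetworks code. It assumes the 'DataConvertBuffer' parameter may appear anywhere in the request, that an "invalid" Content-Length is any value that is not a plain non-negative integer, and that the missing '/' refers to the request URI; the sample requests are constructed.

```python
import re

# Constructed sample requests (not captured traffic); host and path are placeholders.
SAMPLES = {
    "setup_ok": "SETUP rtsp://media.example/clip.rm/streamid=0 RTSP/1.0\r\nCSeq: 2\r\n\r\n",
    "setup_no_slash": "SETUP clip RTSP/1.0\r\nCSeq: 2\r\n\r\n",
    "setparam_ok": "SET_PARAMETER rtsp://media.example/clip.rm RTSP/1.0\r\nCSeq: 3\r\n"
                   "Content-Length: 22\r\n\r\nDataConvertBuffer: abc",
    "setparam_no_len": "SET_PARAMETER rtsp://media.example/clip.rm RTSP/1.0\r\nCSeq: 3\r\n"
                       "\r\nDataConvertBuffer: abc",
    "setparam_bad_len": "SET_PARAMETER rtsp://media.example/clip.rm RTSP/1.0\r\nCSeq: 3\r\n"
                        "Content-Length: -1\r\n\r\nDataConvertBuffer: abc",
}

def parse_request(raw):
    """Split one raw RTSP request into (method, uri, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    tokens = lines[0].split()
    method = tokens[0].upper() if tokens else ""
    rest = tokens[1:]
    # Drop the trailing protocol token so its '/' is not mistaken for part of the URI.
    if rest and re.fullmatch(r"RTSP/\d+\.\d+", rest[-1], re.I):
        rest = rest[:-1]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, " ".join(rest), headers, body

def findings(raw):
    """Return the CVE ids whose request pattern, as the advisory describes it, matches."""
    method, uri, headers, _ = parse_request(raw)
    hits = []
    # Assumption: the parameter may sit in a header or the body, so search the whole request.
    if method in ("SET_PARAMETER", "SET_PARAMETERS") and "dataconvertbuffer" in raw.lower():
        length = headers.get("content-length")
        # Assumption: "invalid" means anything that is not a plain non-negative integer.
        if length is None or not (length.isascii() and length.isdigit()):
            hits.append("CVE-2009-2533")
    # Assumption: the missing '/' refers to the request URI, not the RTSP/1.0 token.
    if method == "SETUP" and "/" not in uri:
        hits.append("CVE-2009-2534")
    return hits

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:18} {findings(raw) or 'clean'}")
```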
Solution
Update to RealNetworks Helix Server / Helix Mobile Server 13.0.0 or later.