Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

RealNetworks Helix Server 12.x Multiple DoS

Medium

Synopsis

The remote media streaming server is affected by multiple denial of service vulnerabilities.

Description

According to its banner, the remote host is running version 12.x of RealNetworks Helix Server / Helix Mobile Server. Such versions are reportedly affected by multiple issues :

- By sending a specially crafted 'RTSP' (SET_PARAMETERS) request with 'DataConvertBuffer' parameter set to empty, an attacker may be able to crash the remote Helix server process. (CVE-2009-2533)

- By sending a 'SETUP' request without including a '/' character in it, a remote attacker may be able to crash the remote Helix server process. (CVE-2009-2534)

Solution

Update to RealNetworks Helix Server / Helix Mobile Server 13.0.0 or later.