Info

Disclosure

Jun 22, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in RealNetworks Helix DNA Server . The Helix DNA Server fails to handle RTSP requests with a malformed 'User-Agent' header resulting in a heap overflow. With a specially crafted request, an attacker may be able to execute arbitrary code resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Commercial

Solution

Upgrade to version 11.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

RealNetworks, Inc.	Helix DNA Server	11.0
		10.0

References

Security Tracker: 1016365
Bugtraq ID: 18606
CVE ID: 2006-3276 (see also: NVD)
Secunia Advisory ID: 20784
Related OSVDB ID: 26800
ISS X-Force ID: 27316
VUPEN Advisory: ADV-2006-2521
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0600.html
Generic Exploit URL: http://d2sec.com/products.htm
Other Advisory URL: http://labs.musecurity.com/advisories/MU-200606-01.txt
Vendor URL: https://helix-server.helixcommunity.org/
Keyword: MU-200606-01 Real Time Streaming Protocol RTSP

Credit

Mu Security - -

Direct URL: http://osvdb.org/26799

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

RealNetworks, Inc.

Helix DNA Server

References

Credit