CVE-2004-0049
CVSS6.8
发布时间 :2004-02-17 00:00:00
修订时间 :2008-09-05 16:37:21
NMCOP    

[原文]Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.


[CNNVD]Real Networks Helix Server/Gateway管理服务HTTP POST拒绝服务攻击漏洞(CNNVD-200402-084)

        
        Helix Universal Server是一款由RealNetWorks开发和维护的多类型媒体服务器。
        Helix Universal Server/Gateway 9不正确处理部分发送给服务器管理系统端口的HTTP POST消息,远程攻击者可以利用这个漏洞对服务进行拒绝服务攻击。
        其中Helix Mobile Server 10也存在同样问题,目前没有详细漏洞细节提供。
        攻击者要利用这个漏洞必须能够通过管理界面认证。
        

- CVSS (基础分值)

CVSS分值: 6.8 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:realnetworks:helix_universal_mobile_server:10.1.1.120
cpe:/a:realnetworks:helix_universal_server:9.0.2.881

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0049
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0049
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200402-084
(官方数据源) CNNVD

- 其它链接及资源

http://service.real.com/help/faq/security/040112_dos/
(VENDOR_ADVISORY)  CONFIRM  http://service.real.com/help/faq/security/040112_dos/
http://www.securityfocus.com/bid/9421
(VENDOR_ADVISORY)  BID  9421
http://service.real.com/help/faq/security/security022604.html
(UNKNOWN)  CONFIRM  http://service.real.com/help/faq/security/security022604.html
http://www.securityfocus.com/archive/1/357834
(UNKNOWN)  BUGTRAQ  20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
http://seclists.org/lists/vulnwatch/2004/Jan-Mar/0057.html
(UNKNOWN)  VULNWATCH  20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow

- 漏洞信息

Real Networks Helix Server/Gateway管理服务HTTP POST拒绝服务攻击漏洞
中危 未知
2004-02-17 00:00:00 2006-01-05 00:00:00
远程  
        
        Helix Universal Server是一款由RealNetWorks开发和维护的多类型媒体服务器。
        Helix Universal Server/Gateway 9不正确处理部分发送给服务器管理系统端口的HTTP POST消息,远程攻击者可以利用这个漏洞对服务进行拒绝服务攻击。
        其中Helix Mobile Server 10也存在同样问题,目前没有详细漏洞细节提供。
        攻击者要利用这个漏洞必须能够通过管理界面认证。
        

- 公告与补丁

        厂商补丁:
        Real Networks
        -------------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        Helix Universal Server & Gateway 9
        Compaq
        
        http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Compaq+Tru64+5.1+%26+5.1A&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server

        FreeBSD
        
        http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=FreeBSD+4.0+%26+4.5&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server

        HP UX
        
        http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=HP+UX+11.0+%26+11.i&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server

        IBM AIX
        
        http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=IBM+AIX+4.3+%26+5L&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server

        Linux
        
        http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Linux+version+2.4.18&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server

        Sun Solaris 2.7
        
        http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Sun+Solaris+2.7&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server

        Sun Solaris 2.8
        
        http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Sun+Solaris+2.8&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server

        Windows
        
        http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Windows+NT+4.0+%26+2000&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server

        Helix Universal Mobile & Gateway 10:
        通过在/Plugins目录中用如下文件代替即可:
        Solaris 2.8
        
        http://docs.real.com/docs/022604_pluginupdate/solaris/adminfs.so_sunos-58.gz

        Linux
        
        http://docs.real.com/docs/022604_pluginupdate/linux/adminfs.so_linux.gz

- 漏洞信息 (F32895)

realHelix9.txt (PacketStormID:F32895)
2004-03-18 00:00:00
 
advisory,web,overflow,arbitrary
CVE-2004-0049
[点击下载]

Pentest Limited Security Advisory - The RealNetworks Helix 9 Server allows for an authenticated attacker to submit malformed HTTP POST requests against the Administration server to trigger a buffer overflow and execute arbitrary code. Affected versions: Helix Universal Mobile Server and Gateway 10, version 10.1.1.120 and prior; Helix Universal Server and Gateway 9, version 9.0.2.881 and prior.

Pentest Limited Security Advisory

RealNetworks Helix Server 9 Administration Server Buffer Overflow

Advisory Details
----------------
Title: RealNetworks Helix Server 9 Administration Server Buffer Overflow
Announcement date: 18 March 2004
Advisory Reference: ptl-2004-02
CVE Name: CAN-2004-0049
Products: Various RealNetworks Server Products (See Below)
Vulnerability Type : Buffer Overflow
Vendor-URL: http://www.realnetworks.com
Vendor-Status: Updated Version / Plugin Released
Remotely Exploitable: Yes (Authenticated User)
Locally Exploitable: Yes (Authenticated User)
Advisory URL: http://www.pentest.co.uk/

Vulnerability Description
--------------------------
Several of Real Networks Helix Server products utilise a common
Administration Interface which is available over HTTP and protected
by HTTP Basic Authentication.

An authenticated attacker can submit malformed HTTP POST
requests to the server's Administration interface, triggering a buffer
overflow and executing arbitrary code on the server.

On Windows platforms where the Helix Server is run as an NT Service,
this allows arbitrary code execution under the context of the NT SYSTEM
account.

It should be noted that the Server does not have a default username
and password - these are set during installation. In addition to this,
the Server runs on a random TCP port, configured during installation.

Vulnerable Versions
--------------------
Helix Universal Mobile Server & Gateway 10, version 10.1.1.120 and prior
Helix Universal Server and Gateway 9, version 9.0.2.881 and prior

RealSystem Server and Proxy version 8.x and earlier are not vulnerable

Whilst Windows 2000 was the only platform tested and confirmed to be
exploitable by Pentest Limited, the vendor advisory indicates that
multiple platforms are affected by this vulnerability including
Solaris, Linux, AIX, and FreeBSD.

Vendor Status
--------------
Real Networks:
05-01-2004 - Initial Pentest Limited Notification
06-01-2004 - Notification acknowledged by Real Networks
08-01-2004 - Draft Advisory sent to Pentest Limited By Real Networks
12-01-2004 - Initial Advisory published by Real Networks stating the 
impact as 'Denial of Service'
26-02-2004 - Real Advisory updated to describe impact as 'potential root 
exploit'
18-03-2004 - Pentest Limited Advisory released.

Fix
---
Updated versions of Helix Universal Server and Gateway 9 are available
from RealNetworks.

Updated Administration System plug-ins are available.

Further details are available in the RealNetworks advisory, available
at:

http://service.real.com/help/faq/security/security022604.html

    

- 漏洞信息

3559
RealNetworks Helix Administrative Interface HTTP POST Request DoS
Denial of Service
Loss of Availability

- 漏洞描述

Unknown or Incomplete

- 时间线

2004-01-14 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站