hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: How Secure Real Media
GovernmentSecurity.org > The Archives > General Network Security
sesame
Aug 31 2003, 10:19 PM
how can i secure real media servers?

only deleting ftp.exe and tftp.exe?

ore other?
dRf
Aug 31 2003, 10:40 PM
hmm how u wanna delete ftp or tftp.exe? they ar in the windir, and u have no accs to del them, and i dont know any other way to secure it without admin rights ;(
Lemongreen
Aug 31 2003, 11:49 PM
*/ I hope its the xploit you talking about , i figured it was RealServer for realplayer media streaming....
*/

Very easy to secure , follow the vendor procedure:

Server Exploit Vulnerability

Updated August 22, 2003

Helix Universal Server 9 and earlier versions (RealSystem Server 8, 7 and RealServer G2) are vulnerable to a root exploit when certain types of character strings appear in large numbers within URLs destined for the Server's protocol parsers. RealNetworks Proxy products are not vulnerable to this exploit.

Solution:

RealNetworks has verified that vulnerability to this exploit can be effectively closed by removing the RealNetworks View Source plug-in from the /Plugins directory and restarting the Server process.

UNIX/Linux: vsrcplin.so.9.0 (Helix Universal Server), vsrcplin.so.6.0 (RealSystem Server 8 & 7, and RealServer G2).


Windows: vsrc3260.dll

The View Source Plug-in is responsible for reading and displaying file format headers of media files accessible to the file systems loaded by the Server. Removal of this plug-in will not hinder on-demand or live streaming delivery or logging and authentication services of the product. With the plug-in removed however, the Content Browsing feature will be disabled.

RealNetworks considers the removal of the View Source Plug-in a work-around for this issue, we will be making a new version of the Helix Universal Server available to all current customers that resolves this problem and does not require system administrators to remove any shipping components post installation. Once the new version is available, RealNetworks will urge customer to upgrade.

We want to thank those who posted information about this problem on http://www.securityfocus.org/.

Warranty:

While RealNetworks endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.




source :

http://www.service.real.com/help/faq/secur...loit082203.html
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.