[12620] in bugtraq
Re: RealNetworks RealServer G2 buffer overflow. (fwd)
daemon@ATHENA.MIT.EDU (dark spyrit)
Wed Nov 17 13:32:32 1999
Message-Id: <Pine.LNX.3.96.991117154303.343A-100000@attica.gen.nz>
Date: Wed, 17 Nov 1999 15:44:50 +1300
Reply-To: dark spyrit <dspyrit@BEAVUH.ORG>
From: dark spyrit <dspyrit@BEAVUH.ORG>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
---------- Forwarded message ----------
Date: Mon, 15 Nov 1999 15:37:55 -0800
From: Ryan Hill <ryan@tvw.org>
To: 'dark spyrit' <dspyrit@BEAVUH.ORG>
Cc: "'ntbugtraq@ntbugtraq.com'" <ntbugtraq@ntbugtraq.com>
Subject: RE: RealNetworks RealServer G2 buffer overflow.
Update:
Since I did not see a resolution posted to the list, nor did I ever receive
an announcement or notice from RealNetworks of a released fix, I thought the
list would appreciate the update for this particular exploit:
http://service.real.com/help/faq/servg260.html
Regards,
Ryan
_____________________
Ryan Hill MCSE, MCP+I
Information Technology Systems Specialist
TVW, Washington State's Public Affairs Network
http://www.tvw.org
-----Original Message-----
From: dark spyrit [mailto:dspyrit@BEAVUH.ORG]
Sent: Thursday, November 04, 1999 6:26 AM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: RealNetworks RealServer G2 buffer overflow.
As everyone seems to have the giving spirit at present, here's a little
something from the beavuh crew.
A buffer overflow exists in the web authentication on the
RealServer administrator port. By sending a long user/password pair you
can overflow the buffer and execute arbitrary code.
e.g. -
GET /admin/index.html HTTP/1.0
Connection: Keep-Alive
....
Authorization: Basic <long base64 encoded user/password>
As basic authorization is base64 encoded, this made coding an exploit
extremely annoying - but, of course, could be done.
<snip>
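The bug class dark spyrit describes above, as an added example that is not code from the post, from the beavuh crew, or from RealServer itself: a server-side Basic-auth parser that copies the base64-decoded "user:password" pair into a fixed-size stack buffer without comparing lengths, beside a hardened version that bounds the decoded size before it touches the buffer, and a client-side helper that builds the oversized Authorization header. The buffer size (CRED_MAX, 64 bytes), the function names and the sample credentials are assumptions for the demonstration; the real RealServer G2 buffer size is not stated on the page. The 4:3 ratio between base64 characters and decoded bytes is also the reason an exploit has to be assembled from the decoded layout and then re-encoded, which is the "annoying" part the post mentions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Server-side credential buffer. 64 is an assumption for this demo; the
 * advisory does not state the real RealServer G2 buffer size. */
#define CRED_MAX 64

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encode raw bytes as base64 (standard alphabet, '=' padding) into a malloc'd string. */
char *b64_encode(const unsigned char *in, size_t n) {
    char *out = malloc(4 * ((n + 2) / 3) + 1), *p = out;
    for (size_t i = 0; i < n; i += 3) {
        unsigned v = (unsigned)in[i] << 16;
        if (i + 1 < n) v |= (unsigned)in[i + 1] << 8;
        if (i + 2 < n) v |= in[i + 2];
        *p++ = B64[(v >> 18) & 63];
        *p++ = B64[(v >> 12) & 63];
        *p++ = i + 1 < n ? B64[(v >> 6) & 63] : '=';
        *p++ = i + 2 < n ? B64[v & 63] : '=';
    }
    *p = '\0';
    return out;
}

/* Decode base64. Writes at most outlen bytes, but returns how many bytes the
 * whole input decodes to, so a caller can detect truncation. -1 if malformed. */
long b64_decode(const char *in, unsigned char *out, size_t outlen) {
    size_t len = strlen(in);
    long n = 0; unsigned acc = 0; int bits = 0;
    if (len % 4 != 0) return -1;
    for (size_t i = 0; i < len && in[i] != '='; i++) {
        const char *q = strchr(B64, in[i]);
        if (!q) return -1;
        acc = (acc << 6) | (unsigned)(q - B64);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if ((size_t)n < outlen) out[n] = (unsigned char)(acc >> bits);
            n++;
        }
    }
    return n;
}

/* Split a NUL-terminated "user:pass" into two bounded buffers. */
static int split_cred(const char *cred, char *user, size_t ulen, char *pass, size_t plen) {
    const char *colon = strchr(cred, ':');
    if (!colon) return -1;
    size_t un = (size_t)(colon - cred), pn = strlen(colon + 1);
    if (un >= ulen || pn >= plen) return -2;          /* would not fit with its NUL */
    memcpy(user, cred, un); user[un] = '\0';
    memcpy(pass, colon + 1, pn + 1);
    return 0;
}

/* The pattern the advisory describes: the decoded length is never compared
 * with the fixed buffer, so bytes past CRED_MAX overwrite whatever follows
 * cred[] on the stack. Calling this with an oversized header is undefined
 * behaviour; it is here only to show the defect beside the fix. */
int parse_basic_auth_vulnerable(const char *hdr, char *user, size_t ulen, char *pass, size_t plen) {
    char cred[CRED_MAX];
    if (strncmp(hdr, "Basic ", 6) != 0) return -1;
    long n = b64_decode(hdr + 6, (unsigned char *)cred, (size_t)-1); /* BUG: unbounded write */
    if (n < 0) return -1;
    cred[n] = '\0';                                                   /* BUG: n may reach CRED_MAX */
    return split_cred(cred, user, ulen, pass, plen);
}

/* Hardened form: 4 base64 characters yield at most 3 bytes, so the encoded
 * length alone rejects an oversized pair before any byte is written; the
 * decoder is then called with an explicit bound as a second line of defence. */
int parse_basic_auth_safe(const char *hdr, char *user, size_t ulen, char *pass, size_t plen) {
    char cred[CRED_MAX + 1];
    if (strncmp(hdr, "Basic ", 6) != 0) return -1;
    size_t enc = strlen(hdr + 6);
    if (enc % 4 != 0 || (enc / 4) * 3 > CRED_MAX) return -2;          /* too long: reject */
    long n = b64_decode(hdr + 6, (unsigned char *)cred, CRED_MAX);
    if (n < 0 || n > CRED_MAX) return -2;
    if (memchr(cred, '\0', (size_t)n)) return -1;                     /* embedded NUL is not a pair */
    cred[n] = '\0';
    return split_cred(cred, user, ulen, pass, plen);
}

/* Build "Basic <base64(user:pass)>" exactly as a client puts it on the wire. */
char *build_basic_header(const char *user, const char *pass) {
    size_t ul = strlen(user), n = ul + 1 + strlen(pass);
    unsigned char *raw = malloc(n);
    memcpy(raw, user, ul); raw[ul] = ':'; memcpy(raw + ul + 1, pass, strlen(pass));
    char *b64 = b64_encode(raw, n), *hdr = malloc(strlen(b64) + 7);
    sprintf(hdr, "Basic %s", b64);
    free(raw); free(b64);
    return hdr;
}

int main(void) {
    char user[32], pass[32], longpass[200];
    memset(longpass, 'A', sizeof longpass - 1); longpass[sizeof longpass - 1] = '\0';
    char *ok = build_basic_header("Aladdin", "open sesame");       /* 19 decoded bytes */
    char *bad = build_basic_header("admin", longpass);             /* 205 decoded bytes */
    printf("%s -> %d (%s / %s)\n", ok, parse_basic_auth_safe(ok, user, 32, pass, 32), user, pass);
    printf("%zu-char header -> %d\n", strlen(bad), parse_basic_auth_safe(bad, user, 32, pass, 32));
    free(ok); free(bad);
    return 0;
}
```

The pre-decode check `(enc / 4) * 3 > CRED_MAX` is the cheap fix: the server never has to decode an attacker-sized blob to learn that it will not fit. Reading the vulnerable function with the safe one beside it also shows why the exploit author had to work in decoded bytes: the bytes that land on the stack are the decoded ones, so any return address or shellcode has to be laid out at decoded offsets and then base64-encoded into the header.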