[14213] in bugtraq
RealServer exposes internal IP addresses
daemon@ATHENA.MIT.EDU (tschweikle@FIDUCIA.DE)
Thu Mar 9 00:42:39 2000
Message-Id: <0057540004185917000002L472*@MHS>
Date: Wed, 8 Mar 2000 12:41:33 +0100
Reply-To: tschweikle@FIDUCIA.DE
From: tschweikle@FIDUCIA.DE
X-To: "- *BUGTRAQ@securityfocus.com" <BUGTRAQ@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM

Hi!

RealServer exposes internal IP addresses if requested to
deliver real media files:

    62.158.114.150 -> 192.168.13.33 HTTP
    GET /ramgen/extern/genoverb/weinkauf.rm HTTP/1.0
    192.168.13.33 -> 62.158.114.150 HTTP
    (proxy) R port=1210
    192.168.13.33 -> 62.158.114.150 HTTP
    HTTP/1.0 200 OK
    192.168.13.33 -> 62.158.114.150 HTTP
    rtsp://192.168.13.33:554/extern/genoverb/weinkauf.rm

The server is located inside a DMZ. Network address
translation is in effect from the internet, as it is from campus.

In my opinion this may be useful for an intruder, and
RealNetworks should fix this. I informed them about
6 weeks ago, calling them again four weeks later, then
14 days ago, but no reaction on their side until now.

--
Thomas
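
Added example, not part of the original post: a check a server operator could run over the body returned by a /ramgen/ request, flagging rtsp:// URLs whose host is a literal private, loopback or link-local address like the one in the trace above. The function name and the second sample body (media.example.com) are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# rtsp:// URLs as they appear in the body of a /ramgen/ response.
RTSP_URL = re.compile(r"rtsp://[^\s\"'<>]+", re.IGNORECASE)


def leaked_internal_hosts(body):
    """Return (url, address) pairs for rtsp URLs that name a non-public IP literal."""
    findings = []
    for match in RTSP_URL.finditer(body):
        url = match.group(0).rstrip(".,;)")  # drop trailing punctuation from prose
        try:
            host = urlsplit(url).hostname
        except ValueError:
            continue  # malformed authority, e.g. unbalanced IPv6 brackets
        if not host:
            continue
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # a DNS name, not an address literal
        if addr.is_private or addr.is_loopback or addr.is_link_local:
            findings.append((url, str(addr)))
    return findings


# Response body as shown in the post's trace.
LEAKY_BODY = "rtsp://192.168.13.33:554/extern/genoverb/weinkauf.rm\n"

# Constructed sample: the same path advertised under a public DNS name.
FIXED_BODY = "rtsp://media.example.com:554/extern/genoverb/weinkauf.rm\n"

if __name__ == "__main__":
    for label, body in (("leaky", LEAKY_BODY), ("fixed", FIXED_BODY)):
        hits = leaked_internal_hosts(body)
        print(label, "->", hits if hits else "no internal address exposed")
```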