[15185] in bugtraq
Re: Remote DoS attack in Real Networks Real Server (Strike #2)
daemon@ATHENA.MIT.EDU (Christopher Schulte)
Sat Jun 3 21:17:32 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-Id: <4.3.1.0.20000602150841.00aeeac0@pop.schulte.org>
Date: Fri, 2 Jun 2000 15:14:04 -0500
Reply-To: Christopher Schulte <christopher@SCHULTE.ORG>
From: Christopher Schulte <christopher@SCHULTE.ORG>
X-To: Ryan Russell <ryan@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.GSO.4.21.0006011657080.26170-100000@mail>
Confirmed fixed, Ryan, on both the 7 and 8 series of realserver.
It should be noted that the 6.x series does not have the 'viewsource'
variable available, so it's undoubtedly unaffected. When I pull up the DoS
url on a 6 server, I get a 404. Just like what happens when I comment out
the VAR in the 7 and 8 cfg files.
Looks like just 7 and 8 are affected.
Thanks for this fix........
At 05:02 PM 6/1/00 -0700, Ryan Russell wrote:
>I believe I have a temporary workaround.
>
>In the rmserver.cfg file, there's a section like this:
>
><!-- H T T P S U P P O R T -->
><List Name="HTTPDeliverable">
> <Var Path_0="/admin"/>
> <Var Path_1="/ramgen"/>
> <Var Path_2="/farm"/>
> <Var Path_3="/httpfs"/>
> <Var Path_4="/viewsource"/>
></List>
>
>On my Real server, I've removed this line:
><Var Path_4="/viewsource"/>
>
>I *think* this only has the consequence that people can't pull down file
>details for audio content for the moment. We can still serve up audio
>just fine.
>
> Ryan
--
Christopher Schulte | christopher@schulte.org
cell:612.986.4859 | home:651.225.4557 | fax: 651.315.3339
page:612.264.1115 | free:877.271.9245 | site: schulte.org
COMING SOON http://SchulteConsulting.COM/
reliable computer consulting at a fair price.
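Added example, not part of the thread and not RealNetworks code: a small Python script that turns the exchange above into two repeatable checks against a constructed copy of the HTTP SUPPORT section of rmserver.cfg. It lists the paths in the HTTPDeliverable list, reports whether /viewsource is among them, and applies the quoted workaround by dropping that one Var line. The optional live probe assumes the server answers a plain GET for /viewsource with 404 once the entry is gone, as the reply reports; the host, the port 8080 default and all function names are the example's own assumptions.

```python
import http.client
import re

# Constructed sample of the HTTP SUPPORT section of rmserver.cfg, copied
# from the quoted workaround above; not taken from a real server.
SAMPLE_CFG = """<!-- H T T P   S U P P O R T -->
<List Name="HTTPDeliverable">
    <Var Path_0="/admin"/>
    <Var Path_1="/ramgen"/>
    <Var Path_2="/farm"/>
    <Var Path_3="/httpfs"/>
    <Var Path_4="/viewsource"/>
</List>
"""

# The List element and its Var children are matched with regexes because
# the surrounding cfg file is not guaranteed to be well-formed XML.
LIST_RE = re.compile(r'<List\s+Name="HTTPDeliverable"\s*>(.*?)</List>', re.S)
VAR_RE = re.compile(r'<Var\s+(Path_\d+)\s*=\s*"([^"]*)"\s*/>')
VIEWSOURCE_LINE_RE = re.compile(r'^\s*<Var\s+Path_\d+\s*=\s*"/viewsource"\s*/>\s*$')


def http_deliverable_paths(cfg_text):
    """Return [(var_name, path), ...] from the HTTPDeliverable list,
    or [] when the list is absent."""
    m = LIST_RE.search(cfg_text)
    if m is None:
        return []
    return VAR_RE.findall(m.group(1))


def exposes_viewsource(cfg_text):
    """True when this config makes /viewsource reachable over HTTP."""
    return any(path == "/viewsource" for _, path in http_deliverable_paths(cfg_text))


def remove_viewsource(cfg_text):
    """Apply the workaround from the thread: drop the Var line that maps
    /viewsource.  The remaining entries keep their Path_N names, exactly
    as the thread did (it only deleted the one line)."""
    kept = [line for line in cfg_text.splitlines(keepends=True)
            if not VIEWSOURCE_LINE_RE.match(line)]
    return "".join(kept)


def viewsource_status(host, port=8080, timeout=5):
    """Hypothetical live check: the HTTP status the server returns for a
    plain GET /viewsource.  The reply above reports 404 once the Var is
    removed (and on the 6.x series, which never had it).  Port 8080 is an
    assumed default; use whatever port rmserver.cfg binds for HTTP."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/viewsource")
        return conn.getresponse().status
    finally:
        conn.close()


def report(cfg_text):
    """Human-readable summary of the HTTPDeliverable list."""
    paths = http_deliverable_paths(cfg_text)
    lines = ["HTTPDeliverable paths:"] + [f"  {name} = {path}" for name, path in paths]
    lines.append(f"/viewsource exposed: {exposes_viewsource(cfg_text)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_CFG))
    hardened = remove_viewsource(SAMPLE_CFG)
    print()
    print("After workaround:")
    print(report(hardened))
```

Run it against a real rmserver.cfg by reading the file into `cfg_text`; `remove_viewsource` returns the edited text rather than writing it, so the change can be diffed before the server is restarted.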