[15160] in bugtraq
Re: Remote DoS attack in Real Networks Real Server (Strike #2)
daemon@ATHENA.MIT.EDU (Ryan Russell)
Fri Jun 2 15:57:19 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.21.0006011657080.26170-100000@mail>
Date: Thu, 1 Jun 2000 17:02:46 -0700
Reply-To: Ryan Russell <ryan@SECURITYFOCUS.COM>
From: Ryan Russell <ryan@SECURITYFOCUS.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
I believe I have a temporary workaround.
In the rmserver.cfg file, there's a section like this:
<!-- H T T P S U P P O R T -->
<List Name="HTTPDeliverable">
<Var Path_0="/admin"/>
<Var Path_1="/ramgen"/>
<Var Path_2="/farm"/>
<Var Path_3="/httpfs"/>
<Var Path_4="/viewsource"/>
</List>
On my Real server, I've removed this line:
<Var Path_4="/viewsource"/>
I *think* this only has the consequence that people can't pull down file
details for audio content for the moment. We can still serve up audio
just fine.
Ryan
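
Added example, not part of the original message and not Real Networks code: a small Python check that lists what the HTTPDeliverable section of an rmserver.cfg exposes and produces a copy with the /viewsource entry removed, as the workaround above describes. The function names, the second list in the sample and the one-element-per-line layout are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the section quoted in the message; the
# second list is hypothetical and only shows that other lists are left alone.
SAMPLE_CFG = '''<!-- H T T P S U P P O R T -->
<List Name="HTTPDeliverable">
<Var Path_0="/admin"/>
<Var Path_1="/ramgen"/>
<Var Path_2="/farm"/>
<Var Path_3="/httpfs"/>
<Var Path_4="/viewsource"/>
</List>
<List Name="ExampleOtherList">
<Var Path_0="/viewsource"/>
</List>
'''

LIST_OPEN = re.compile(r'<List\s+Name="([^"]*)"\s*>')
LIST_CLOSE = re.compile(r'</List\s*>')
VAR = re.compile(r'<Var\s+\w+="([^"]*)"\s*/>')
COMMENT = re.compile(r'<!--.*?-->')

def _walk(cfg_text):
    """Yield (line, enclosing list names, Var value or None) for each line.

    Assumes one element per line, as in the quoted config.
    """
    stack = []
    for line in cfg_text.splitlines(keepends=True):
        live = COMMENT.sub('', line)   # a commented-out entry is not active
        if LIST_CLOSE.search(live) and stack:
            stack.pop()
        var = VAR.search(live)
        yield line, tuple(stack), var.group(1) if var else None
        opened = LIST_OPEN.search(live)
        if opened:
            stack.append(opened.group(1))

def http_deliverable(cfg_text):
    """Paths the config currently lists directly under HTTPDeliverable."""
    return [v for _, lists, v in _walk(cfg_text)
            if v is not None and lists[-1:] == ('HTTPDeliverable',)]

def drop_viewsource(cfg_text, path='/viewsource'):
    """Return the config text with `path` removed from HTTPDeliverable only."""
    return ''.join(line for line, lists, v in _walk(cfg_text)
                   if not (v == path and lists[-1:] == ('HTTPDeliverable',)))

if __name__ == '__main__':
    print('before:', http_deliverable(SAMPLE_CFG))
    print('after: ', http_deliverable(drop_viewsource(SAMPLE_CFG)))
```

Running http_deliverable() on the live file after editing confirms the entry is really gone rather than duplicated elsewhere in the list; an entry that was only commented out on its own line is also reported as absent.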