[15163] in bugtraq
Re: Remote DoS attack in Real Networks Real Server (Strike
daemon@ATHENA.MIT.EDU (Jeff Long)
Fri Jun 2 16:04:58 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <3937DFC3.58B6F661@kestrel.cc.ukans.edu>
Date: Fri, 2 Jun 2000 11:24:35 -0500
Reply-To: Jeff Long <long@KESTREL.CC.UKANS.EDU>
From: Jeff Long <long@KESTREL.CC.UKANS.EDU>
X-To: Ussr Labs <labs@USSRBACK.COM>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Jeff Long wrote:
>
> Ussr Labs wrote:
>
> > Remote DoS attack in Real Networks Real Server (Strike #2)
> > Vulnerability
>
> > Real Networks Real Server 7 Windows NT/2000
>
> > Real Networks Real Server 7.01 Windows NT/2000
>
> > The Ussr Labs team has recently discovered a memory problem in the
> > RealServer 7 Server (patched and non-patched).
> >
> > What happens is, by performing an attack sending specially-malformed
> > information to the RealServer HTTP Port(default is 8080), the process
> > containing the services will stop responding.
> >
> > The Exploit:
> > It will take down the RealServer causing it to stop all streaming
> > media brodcasts, making it non-functional, (untill Reboot)
> >
> > Example:
> > With the RealServer server running on 'Port' (default being 8080) the
> > syntax to do the D.O.S. attack is:
> >
> > http://ServerIp:Port/viewsource/template.html?
> >
> > And Real Server will Stop Responding.
>
> Apparently Real Server 7.02 fixes this problem (at least on NT Server
> 4.0 SP6a). I was able to verify this exploit on 7.01 but after
> upgrading to 7.02 this no longer occurs. Note, that for the upgrade to
> be effective you must reboot NT for it to work otherwise it will still
> hang.
I spoke too soon. It looks like they only fixed it in the case where
you launch n of these attacks and n <= some number (probably the number
of Real media streams you are licensed for). When you launch 56 of
these attacks at a RealServer Basic 7.02 you still end up hanging the
Real Server.
Jeff Long
