Bugtraq mailing list archives

RealNetworks RealServer G2 buffer overflow - WORKAROUND (fwd)

From: ah1 () SECURITYFOCUS COM (ah1 () SECURITYFOCUS COM)
Date: Thu, 4 Nov 1999 14:28:46 -0800

---------- Forwarded message ----------
Date: Thu, 4 Nov 1999 15:08:08 -0700
From: Mark <mark () NTSHOP NET>
Reply-To: Discussions regarding Windows-related security issues.
    <WIN2KSECADVICE () LISTSERV NTSECURITY NET>
To: WIN2KSECADVICE () LISTSERV NTSECURITY NET
Subject: RealNetworks RealServer G2 buffer overflow - WORKAROUND

A Web site reader at www.ntsecurity.net, Brendan Brannen, sent me this
message with a workaround to help any of you that are using the RealServer
G2:

===============

"While this may not be the best fix for everyone, on our server, I simply
went in to the .cfg file and (after backing it up of course) deleted the
entry that specified the admin port. I then stopped and restarted the
rmserver service. While this does of course effectively turn off the
administrative capabilities of the software, you can of course switch
between your backed up version and the new one of the CFG file to re-enable
this service.

It's a kludge, but it fixes the hole until Real comes out with something..."

Current thread:

Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability Alun Jones (Nov 02)
- Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability iarce (Nov 04)
- Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability Alberto Soliño (Nov 04)
- Palm Hotsync vulnerable to DoS attack Aviram Jenik (Nov 04)
- RealNetworks RealServer G2 buffer overflow - WORKAROUND (fwd) ah1 () SECURITYFOCUS COM (Nov 04)
- Microsoft Security Bulletin (MS99-047) Aleph One (Nov 04)
- Re-release of Microsoft Security Bulletin MS99-042 Aleph One (Nov 04)