Bugtraq mailing list archives
Remote DoS attack in RealServer
From: dcotter () REAL COM (David Cotter)
Date: Thu, 20 Apr 2000 23:55:13 -0700
On April 20th, 2000, a RealServer Denial of Service exploit potentially affecting all RealServers was brought to the attention of RealNetworks. The specific exploit involves a stack overflow in the PNA protocol handling scheme and can ultimately cause the RealServer to discontinue serving streams until the RealServer is restarted or "rebooted" by the System Administrator. We have not yet received reports of anyone actually being attacked with this exploit; however, we have prepared an update to the RealServer Software that will defeat this specific attack. Please go to the below URL for download instructions. http://service.real.com/help/faq/servg270.html ------------------------------------------------------------------------ Dave Cotter Program Manager, RealNetworks, Inc. Ph: 1 206 674 2491 Pgr: 206-975-5640
Current thread:
- Re: Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit, (continued)
- Re: Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Casper Dik (Apr 26)
- Re: Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Dimitri Avgoustakis (Apr 26)
- Re: Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Theodor R. Gislason (Apr 26)
- SECURITY: UPDATED - RHSA-2000:014 New Piranha release available Cristian Gafton (Apr 26)
- gpm-root initgroups() Koblinger Egmont (Apr 23)
- Postgresql cleartext password storage Robert van der Meulen (Apr 23)
- Re: Postgresql cleartext password storage Alexandru Popa (Apr 24)
- Re: ZoneAlarm Stephen M. Milton (Apr 24)
- Microsoft Security Bulletin (MS00-027) Microsoft Product Security (Apr 20)
- Remote vulnerability in LCDproc 0.4 Andrew Hobgood (Apr 20)
- Remote DoS attack in RealServer David Cotter (Apr 20)
- CMD.EXE overflow (CISADV000420) Cerberus Security Team (Apr 21)