Bugtraq mailing list archives
Re: Remote DoS attack in Real Networks Real Server (Strike #2) vulnerability
From: christopher () SCHULTE ORG (Christopher Schulte)
Date: Fri, 2 Jun 2000 15:14:04 -0500
Confirmed fixed, Ryan, on both the 7 and 8 series of realserver.

It should be noted that the 6.x series does not have the 'viewsource' variable available, so it's undoubtedly unaffected. When I pull up the DoS url on a 6 server, I get a 404. Just like what happens when I comment out the VAR in the 7 and 8 cfg files.

Looks like just 7 and 8 are affected.

Thanks for this fix........

At 05:02 PM 6/1/00 -0700, Ryan Russell wrote:

> I believe I have a temporary workaround. In the rmserver.cfg file, there's a section like this:
>
> <!-- H T T P S U P P O R T -->
> <List Name="HTTPDeliverable">
>     <Var Path_0="/admin"/>
>     <Var Path_1="/ramgen"/>
>     <Var Path_2="/farm"/>
>     <Var Path_3="/httpfs"/>
>     <Var Path_4="/viewsource"/>
> </List>
>
> On my Real server, I've removed this line:
>
> <Var Path_4="/viewsource"/>
>
> I *think* this only has the consequence that people can't pull down file details for audio content for the moment. We can still serve up audio just fine.
>
> Ryan

--
Christopher Schulte | christopher () schulte org
cell:612.986.4859 | home:651.225.4557 | fax: 651.315.3339
page:612.264.1115 | free:877.271.9245 | site: schulte.org
COMING SOON http://SchulteConsulting.COM/
reliable computer consulting at a fair price.
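An added example, not part of either post: a small audit script that reports whether the workaround discussed above has been applied to an rmserver.cfg file. It assumes the HTTPDeliverable section has the layout quoted in the thread, and it treats entries inside XML comments as disabled; the function names and sample strings are constructed for illustration.

```python
import re
import sys

# Constructed sample modelled on the rmserver.cfg excerpt quoted in the thread.
SAMPLE_EXPOSED = '''<!-- H T T P S U P P O R T -->
<List Name="HTTPDeliverable">
    <Var Path_0="/admin"/>
    <Var Path_1="/ramgen"/>
    <Var Path_2="/farm"/>
    <Var Path_3="/httpfs"/>
    <Var Path_4="/viewsource"/>
</List>
'''
# Same section with the workaround applied by commenting the entry out.
SAMPLE_FIXED = SAMPLE_EXPOSED.replace(
    '<Var Path_4="/viewsource"/>', '<!-- <Var Path_4="/viewsource"/> -->')

COMMENT = re.compile(r'<!--.*?-->', re.S)
LIST = re.compile(r'<List\s+Name="HTTPDeliverable"\s*>(.*?)</List>', re.S)
VAR = re.compile(r'<Var\s+Path_\d+\s*=\s*"([^"]*)"\s*/>')


def http_deliverable_paths(cfg_text):
    """Return the active (not commented-out) paths in the HTTPDeliverable list."""
    active = COMMENT.sub('', cfg_text)  # commented-out entries do not count
    paths = []
    for block in LIST.findall(active):
        paths.extend(VAR.findall(block))
    return paths


def viewsource_enabled(cfg_text):
    """True if /viewsource is still listed, i.e. the workaround is not applied."""
    return '/viewsource' in http_deliverable_paths(cfg_text)


if __name__ == '__main__':
    # With a file argument, audit that file; otherwise run on the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding='latin-1') as fh:
            exposed = viewsource_enabled(fh.read())
        print('viewsource still listed' if exposed else 'viewsource not listed')
        sys.exit(1 if exposed else 0)
    print(viewsource_enabled(SAMPLE_EXPOSED), viewsource_enabled(SAMPLE_FIXED))
```

The non-zero exit status when the entry is still listed lets the check run from a configuration-management job across several servers.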