Bugtraq mailing list archives
Re: RealServer exposes internal IP addresses
From: JCA () BIGCHARTS COM (Jay C Austad)
Date: Mon, 13 Mar 2000 16:26:21 -0600
This is still not fixed in 7.0. It's not only a security risk, it also causes people who have their realservers behind firewalls to write their own version of the realserver ramgen function. -----Original Message----- From: Doug Monroe [mailto:monwel () INTERHACK NET] Sent: Thursday, March 09, 2000 10:19 AM To: BUGTRAQ () SECURITYFOCUS COM Subject: Re: RealServer exposes internal IP addresses tschweikle () FIDUCIA DE wrote:
RealServer exposes internal IP addresses if requested to deliver real media files: 62.158.114.150 -> 192.168.13.33 HTTP GET /ramgen/extern/genoverb/weinkauf.rm HTTP/1.0 192.168.13.33 -> 62.158.114.150 HTTP (proxy) R port=1210 192.168.13.33 -> 62.158.114.150 HTTP HTTP/1.0 200 OK 192.168.13.33 -> 62.158.114.150 HTTP rtsp://192.168.13.33:554/extern/genoverb/weinkauf.rm The Server is located inside a DMZ. Network-Address translation is in effect from internet as is from campus. In my opinion this may be usedfull for an intruder, and RealNetworks should fix this. I've informed them about 6 weeks ago, calling them again four weeks later, then 14 days ago, but no reaction on there side until now.
FWIW - some time ago (Sept.99) I addressed this issue with Real. I sent them a similar bit of info:
$ GET http://realg2.example.com:8080/ramgen/foo.rm reveals- rtsp://192.168.11.12:554/foo.rm --stop-- pnm://192.168.11.12:7070/foo.rm server info: WinNT Version 6.0.3.303
I got this reply:
1. Add the following line to the end of your rmserver.cfg: <Var HostName="IP-or-HostName"/> 2. In the URL add the text "?usehostname" so that your URL will look like: http://demos.real.com:8080/ramgen/g2video.rm?usehostname The variable <Var HostName="IP-or-HostName"/> is only supported in the RealServer 6.1 Beta version.
I don't have any idea what version they're up to currently or if any of this indeed works... I lost interest myself. -- Doug Monroe
Current thread:
- Re: RealServer exposes internal IP addresses Doug Monroe (Mar 09)
- <Possible follow-ups>
- Re: RealServer exposes internal IP addresses Jay C Austad (Mar 13)