Vulnerability Development mailing list archives
rtsp
From: J Edgar Hoover <zorch () totally righteous net>
Date: Sat, 9 Feb 2002 17:48:45 -0800 (PST)
I'm getting lazy (and some say slow) in my old age, but I tripped over something interesting and was wondering if anyone wanted to run with it. http://docs.real.com/docs/proxykit/rtspd.pdf Scroll down to Protocol Semantics, and look at the general syntax of the SETUP method. Right off it looks like the protocol will support UDP and TCP bounce scans. Also there's several potentially user definable fields there that have to be parsed. I'll bet there's more than one parsing or bof exploit there. You might find it running on a cable company proxy near you. z
Current thread:
- rtsp J Edgar Hoover (Feb 09)