Dailydave mailing list archives
manioc (a type of root)
From: Dave Aitel <dave () immunitysec com>
Date: Wed, 14 Jan 2004 16:45:14 -0500
_______________
http://www.service.real.com/help/faq/security/040112_dos/

Issued January 12, 2004

Helix Universal Server/Proxy 9 contains a potential denial-of-service exploit when certain types of HTTP POST messages are sent to the server's Administration System port. Helix Mobile Server 10 is vulnerable to a similar type of attack. Note that these attacks require administrator login access to the server.

*Acknowledgment:* RealNetworks thanks Matt Moore from Pentest Limited <http://www.pentest.co.uk> for reporting this vulnerability
_______________

Ok, so in the spirit of free love, I post this free bit of information: There are 2 (other) ways to crash HelixServer without Administrative access. One is recoverable, one is not. :>

Later today I'll release an SSL SPIKE script as well, which does fun things to F5 load balancers, among other things. Crashing things is generally for the lame and mentally hobbled, but sometimes these things merit further study!

-dave