Dailydave mailing list archives

manioc (a type of root)


From: Dave Aitel <dave () immunitysec com>
Date: Wed, 14 Jan 2004 16:45:14 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________
http://www.service.real.com/help/faq/security/040112_dos/

Issued January 12, 2004

Helix Universal Server/Proxy 9 contains a potential denial-of-service
exploit when certain types of HTTP POST messages are sent to the
server's Administration System port. Helix Mobile Server 10 is
vulnerable to a similar type of attack. Note that these attacks
require administrator login access to the server.

*Acknowledgment:*
RealNetworks thanks Matt Moore from Pentest Limited
<http://www.pentest.co.uk> for reporting this vulnerability
_______________

Ok, so in the spirit of free love, I post this free bit of
information: There are 2 (other) ways to crash HelixServer without
Administrative access. One is recoverable, one is not. :>

Later today I'll release an SSL SPIKE script as well, which does fun
things to F5 load balancers, among other things. Crashing things is
generally for the lame and mentally hobbled, but sometimes these
things merit further study!

- -dave

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFABbhqzOrqAtg8JS8RArqDAKDFuEUZkvOTXzMoUN190W4W/tPiRQCg938n
AymLr8ETigycrxUs8zBnq1c=
=9NxK
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

