From: Jeff Long
To: BUGTRAQ@SECURITYFOCUS.COM
Date: Fri, 2 Jun 2000 11:00:02 -0500
Subject: Re: Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability
Message-ID: <3937DA02.44D2882@kestrel.cc.ukans.edu>

Ussr Labs wrote:

> Remote DoS attack in Real Networks Real Server (Strike #2)
> Vulnerability
> Real Networks Real Server 7 Windows NT/2000
> Real Networks Real Server 7.01 Windows NT/2000
> The Ussr Labs team has recently discovered a memory problem in the
> RealServer 7 Server (patched and non-patched).
>
> What happens is, by performing an attack sending specially-malformed
> information to the RealServer HTTP Port (default is 8080), the process
> containing the services will stop responding.
>
> The Exploit:
> It will take down the RealServer causing it to stop all streaming
> media broadcasts, making it non-functional, (until Reboot)
>
> Example:
> With the RealServer server running on 'Port' (default being 8080) the
> syntax to do the D.O.S. attack is:
>
> http://ServerIp:Port/viewsource/template.html?
>
> And Real Server will Stop Responding.

Apparently Real Server 7.02 fixes this problem (at least on NT Server
4.0 SP6a). I was able to verify this exploit on 7.01, but after
upgrading to 7.02 this no longer occurs. Note that for the upgrade to
be effective you must reboot NT for it to work; otherwise it will still
hang.

Jeff Long