
RealNetworks RealServer 7 and below gives up random pieces of core memory

    Real Server


    Real Networks Real Server version 7 and below


    The following is based on Core SDI Advisory CORE-20001116. A memory
    contents disclosure vulnerability was found in RealNetworks RealServer
    that gives out information about the server configuration, runtime
    memory data, session tokens and authentication credentials. This
    information can allow an external attacker to obtain administrative
    access to the server or access to data belonging to other users'
    sessions.

    This  vulnerability  was  found  by  Gerardo  Richarte and Claudio
    Castiglia from Core SDI S.A.

    Issuing a request to a RealServer with the following URI:

        http://targetserver/admin/includes/   (note the ending '/' slash)

    elicits a response containing random pieces of the server's runtime
    memory. This generally consists of data from previous sessions and
    contains information that could be used to obtain unauthorized access
    to the RealServer administration facilities (cookies sent to other
    clients, BASE64-encoded usernames and passwords, the random port
    number on which the administration server listens, etc.).
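    As an added, defender-side example that is not part of the original
    advisory, the following Python script scans web-server access log lines
    for requests to the /admin/includes/ URI described above, so an
    administrator can see whether an unpatched server is being probed and
    from where. The log lines are constructed samples in Common Log Format,
    not real RealServer logs; the log format, the case-insensitive path
    comparison and the sample addresses are assumptions made for this
    example.

```python
import re
from typing import Dict, List

# Constructed sample access log lines (Common Log Format).
# These are made up for this example and are not from RealServer or the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [17/Nov/2000:10:01:12 +0000] "GET /admin/index.html HTTP/1.0" 200 1432
10.0.0.9 - - [17/Nov/2000:10:02:03 +0000] "GET /admin/includes/ HTTP/1.0" 200 8192
10.0.0.9 - - [17/Nov/2000:10:02:04 +0000] "GET /admin/includes/ HTTP/1.0" 200 8190
10.0.0.7 - - [17/Nov/2000:10:03:44 +0000] "GET /admin/includes/style.css HTTP/1.0" 200 511
10.0.0.9 - - [17/Nov/2000:10:05:00 +0000] "GET /ADMIN/INCLUDES/?x=1 HTTP/1.0" 200 8201
"""

# Assumed Common Log Format: client ident user [timestamp] "method path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# The URI the advisory describes; only the trailing-slash form triggers the leak.
LEAK_PATH = "/admin/includes/"


def is_includes_probe(path: str) -> bool:
    """True if the request path is exactly /admin/includes/ (query string ignored).

    The comparison is case-insensitive as a detection choice (an assumption,
    not a statement about RealServer's path matching): a few near-miss hits
    are cheaper to triage than a missed probe.
    """
    bare = path.split("?", 1)[0]
    return bare.lower() == LEAK_PATH


def find_probes(log_text: str) -> List[Dict[str, str]]:
    """Return one record per log line whose request path matches the leak URI."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as CLF
        if is_includes_probe(m["path"]):
            hits.append(
                {"ip": m["ip"], "ts": m["ts"], "status": m["status"], "size": m["size"]}
            )
    return hits


def probes_by_source(log_text: str) -> Dict[str, int]:
    """Count matching requests per client address, to see who is probing and how often."""
    counts: Dict[str, int] = {}
    for hit in find_probes(log_text):
        counts[hit["ip"]] = counts.get(hit["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} -> {LEAK_PATH} status={hit["status"]} bytes={hit["size"]}')
    print("requests per source:", probes_by_source(SAMPLE_LOG))
```

    A 200 status with a sizeable response body on this path is the condition
    worth alerting on; the same request against a patched server should not
    return memory contents, but the probe itself is still worth logging as a
    sign that the host is being surveyed.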


    A description of the problem and an updated version of RealServer
    with a fix for the problem are available at:
