‘RealSystem Server and Proxy Buffer Overflow Vulnerability’

Summary

‘A vulnerability affecting RealSystem Server and RealSystem Proxy came to the attention of RealNetworks on February 14, 2002. This vulnerability involves a buffer overflow condition seen in URL error handling.’

Credit:

‘The information has been provided by SecurITeam Experts.’


Details

Vulnerable systems:
 * All versions of RealSystem Server 6.x, 7.x and 8.x
 * RealSystem Proxy 8.x

Although RealNetworks has not received reports of any deployed RealSystem Server or RealSystem Proxy being exploited by this vulnerability, we have made a security update available to all current RealSystem Server and RealSystem Proxy customers.

If you are a current 8 customer, simply download an updated RealSystem Server or RealSystem Proxy. Choose from our current list of operating systems below. Use your current license key to install the updated package, which applies the fix for this exploit.

If you are a 6.x or 7.x customer, please contact Customer Service at the following number: 888-768-3248.

All actively supported RealSystem Server platforms will be made available. That list is:
 * Linux 2.0-libc6
 * Solaris 2.7
 * Solaris 2.8
 * Windows NT 4.0 SP3+
 * Windows 2000 Workstation/Server
 * FreeBSD 3.0
 * IBM AIX 4.3
 * HP-UX
 * Compaq Tru64 v5.1

(For a complete list see: http://service.real.com/help/faq/security/bufferoverflow.html)

All actively supported RealSystem Proxy platforms will be made available. That list is:
 * Linux 2.0-libc6
 * Solaris 2.7
 * Solaris 2.8
 * Windows NT 4.0 SP3+
 * Windows 2000 Workstation/Server
 * IBM AIX 4.3
 * HP UX
 * Compaq Tru64 v5.1

(For a complete list see: http://service.real.com/help/faq/security/bufferoverflow.html)’

Categories: News