Multiple Remote Security Vulnerabilities in RealNetworks Helix Server

Release date:
Updated on: 2012-04-10

Affected Systems:
Real Networks Helix Mobile Server 14.x
Real Networks Helix Server 14.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52929
Cve id: CVE-2012-0942, CVE-2012-1923, CVE-2012-1984, CVE-2012-1985

RealNetwork Helix Server is a multi-format, cross-platform Streaming Media Server software that can deliver high-quality multimedia content to no network location.

Helix Server has multiple vulnerabilities during implementation, which can be exploited by malicious local users to leak sensitive information, execute cross-site scripting attacks, cause denial-of-service attacks, or control defective systems.

1) The Administrator and user creden are stored in the flat file database (\ Program Files \ Real \ Helix Server \ adm_ B _db \ users \) in an insecure manner, attackers can exploit this vulnerability to leak plain text passwords.

2) an error occurs in the SNMP Master agentprocess (master.exe). By establishing and immediately interrupting TCP connections on port 705, services can be interrupted.

3) an input verification error exists when processing the "DisplayString" of the SNMP Object ID. You can create unprocessed exceptions and interrupt the master.exe service by sending a specially crafted "Open-PDU" request to TCP port 705.

4) unknown details error occurred while parsing the rn5auth credential, which can be exploited to cause buffer overflow;

5) some inputs are returned to the user if they are not properly filtered. They can be used to execute HTML and script code.

6) if an error occurs when processing malformed URLs, the server process may crash. However, CRSF attacks against administrator users are required.

<* Source: Dmitriy Pletnev

Link: http://secunia.com/advisories/45414/
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Real Networks
-------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://service.real.com/realplayer/security/