---------- Forwarded message ----------
Date: Mon, 15 Nov 1999 15:37:55 -0800
From: Ryan Hill <ryanat_private>
To: 'dark spyrit' <dspyritat_private>
Cc: "'ntbugtraqat_private'" <ntbugtraqat_private>
Subject: RE: RealNetworks RealServer G2 buffer overflow.

Update:

Since I did not see a resolution posted to the list, nor did I ever receive an announcement or notice from RealNetworks of a released fix, I thought the list would appreciate the update for this particular exploit:

http://service.real.com/help/faq/servg260.html

Regards,
Ryan

_____________________
Ryan Hill MCSE, MCP+I
Information Technology Systems Specialist
TVW, Washington State's Public Affairs Network
http://www.tvw.org

-----Original Message-----
From: dark spyrit [mailto:dspyritat_private]
Sent: Thursday, November 04, 1999 6:26 AM
To: NTBUGTRAQat_private
Subject: RealNetworks RealServer G2 buffer overflow.

As everyone seems to have the giving spirit at present, here's a little something from the beavuh crew.

A buffer overflow exists in the web authentication on the RealServer administrator port. By sending a long user/password pair you can overflow the buffer and execute arbitrary code.

e.g. -

GET /admin/index.html HTTP/1.0
Connection: Keep-Alive
....
Authorization: Basic <long base64 encoded user/password>

As basic authorization is base64 encoded, this made coding an exploit extremely annoying - but, of course, could be done.

<snip>
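
Added example, not part of the original messages and not RealNetworks code: a bounded parser for the "Authorization: Basic" value of the kind the advisory says was missing a length check. The function name parse_basic_auth and the CRED_MAX limit are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

#define CRED_MAX 64  /* assumed per-field limit; not a RealServer value */

/* Map one base64 character to its 6-bit value, or -1 if invalid. */
static int b64val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode an Authorization value ("Basic <base64>") into user and pass,
 * each a caller buffer of CRED_MAX bytes. Returns 0 on success, -1 if the
 * value is malformed or would not fit. Nothing is copied on failure. */
int parse_basic_auth(const char *value, char *user, char *pass) {
    unsigned char dec[2 * CRED_MAX];  /* holds user ':' pass and a NUL */
    size_t len, i, n = 0;
    unsigned acc = 0;
    int bits = 0;
    char *colon;

    if (strncmp(value, "Basic ", 6) != 0) return -1;
    value += 6;
    len = strlen(value);
    /* Bound the decoded size from the encoded length before decoding. */
    if (len == 0 || len % 4 != 0 || len / 4 * 3 >= sizeof dec) return -1;
    for (i = 0; i < 2 && value[len - 1] == '='; i++) len--;  /* padding */
    for (i = 0; i < len; i++) {
        int v = b64val((unsigned char)value[i]);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned)v;
        bits += 6;
        if (bits >= 8) { bits -= 8; dec[n++] = (acc >> bits) & 0xFF; }
    }
    dec[n] = '\0';
    if (memchr(dec, '\0', n) != NULL) return -1;  /* embedded NUL byte */
    colon = strchr((char *)dec, ':');
    if (colon == NULL) return -1;
    *colon = '\0';
    if (strlen((char *)dec) >= CRED_MAX || strlen(colon + 1) >= CRED_MAX)
        return -1;
    strcpy(user, (char *)dec);   /* safe: both lengths checked above */
    strcpy(pass, colon + 1);
    return 0;
}
```

The encoded length is checked before any byte is decoded, so an oversized header is rejected without touching the fixed buffers.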