[webcast-l] [Fwd: RealNetworks Security Update 4/07/04]

Bill Best bill at commedia.org.uk
Thu Apr 8 01:02:09 BST 2004


-------- Original Message --------

Subject: RealNetworks Security Update 4/07/04
Date: Wed, 7 Apr 2004 10:23:46 -0700 (PDT)
From: RealNetworks Sales

This email has been sent to you as a part of RealNetworks' continuing 
effort to inform you of security issues that may put you at risk.  While 
we have not received any reports of anyone being attacked through the 
exploits we detail below, all security vulnerabilities are taken very 
seriously by RealNetworks Inc.


Player security vulnerability

RealNetworks Inc. has recently been made aware of a security 
vulnerability that could potentially allow an attacker to run arbitrary 
code on a user's machine.

The specific exploit was:

To fashion an R3T media file to create a "Buffer Overrun" error.

Real has found and fixed the problem.

Affected Software:

The following software is only vulnerable if users have taken a past 
action to download the specialized R3T plug-in.  This exploit affects 
RealPlayer 8, RealOne Player, RealOne Player v2 for Windows only (all 
languages), RealPlayer 10 Beta (English only) and RealPlayer Enterprise 
(all versions, standalone and as configured by the RealPlayer Enterprise 
Manager).

RealPlayer 10 Gold is not vulnerable as the affected component, if 
present, is removed during installation.

Workaround:

To ensure that your Player is protected, we recommend installing the 
update available which will remove the vulnerable plug-in.

All consumer players can be protected by reinstalling the player with 
RealPlayer 10. See http://service.real.com/help/faq/security/ for more 
information.

RealPlayer Enterprise Manager and RealOne Desktop Manager can do any of 
the following to remedy the vulnerability (NOTE: You only need to secure 
your clients if they have installed the R3T (Real 3D text) plug-in).

  * Create a new player without the R3T plugin
  * Upgrade to RealPlayer Enterprise Manager
  * Download the Free Enterprise player from 
http://www.realnetworks.com/products/free_trial.html
  * Manually remove the R3T plugin (Call tech support for instructions)


Server Security Vulnerability

The specific exploit is:

Helix Universal Server/Proxy 9 contains a potential root exploit when 
certain types of HTTP POST messages are sent to the server's 
Administration System port. Helix Mobile Server and Gateway 10 is 
vulnerable to a similar type of attack. By utilizing this exploit, an 
attacker could potentially gain inappropriate access to the system on 
which the server/proxy is running. Note that RealNetworks knows of no 
systems which have been compromised due to this vulnerability.

Note also that this vulnerability requires administrator login access to 
the server/proxy Administration system. If administrator access is 
properly controlled, the risk of the vulnerability is negligible.

Impacted Products and Versions:

  * Helix Universal Mobile Server & Gateway 10, versions 10.1.1.120 and 
prior
  * Helix Universal Server & Gateway 9, version 9.0.2.881 and prior

RealSystem Server and Proxy versions 8.x and earlier are not impacted 
by this vulnerability.

SOLUTION:
Download the adminsf plugin or a new server build at:

http://service.real.com/help/faq/security/security022604.html

Best Regards,
RealNetworks Essential Support Services team.
