RealNetworks RealServer G2 username/password buffer overflow
--------------------------------------------------------------------------------
SUMMARY
There is a buffer overflow vulnerability in the web authentication on the
RealServer administrator port. By sending a long user/password pair you
can overflow the buffer and execute arbitrary code.
DETAILS
Example:
GET /admin/index.html HTTP/1.0
Connection: Keep-Alive
...
Authorization: Basic <long base64 encoded user/password>
As basic authorization is base64 encoded, this made coding an exploit
extremely annoying - but, of course, could be done.
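The root cause described above is that the decoded user/password pair is copied into a fixed-size buffer without a length check. The following added example (written for this page, not code from the advisory or from RealNetworks) shows the check a hardened authenticator or a front-end proxy would apply: parse the Authorization header, base64-decode it, and refuse the request when either field exceeds a bound before anything fixed-size ever sees the data. The limits MAX_USER_LEN and MAX_PASS_LEN and the sample requests are assumptions constructed for the example; the advisory gives no exact buffer size.

```python
import base64
import binascii

# Hypothetical limits for this example; the advisory gives no exact buffer size.
MAX_USER_LEN = 64
MAX_PASS_LEN = 128


def parse_basic_credentials(request_text):
    """Extract (username, password) from the Authorization: Basic header of a
    raw HTTP request. Returns None when no Basic credentials are present and
    raises ValueError when the header is present but malformed."""
    head = request_text.split("\r\n\r\n", 1)[0]      # headers only, never the body
    for line in head.split("\r\n")[1:]:               # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            return None                               # some other auth scheme
        if not token.strip():
            raise ValueError("empty Basic token")
        try:
            decoded = base64.b64decode(token.strip(), validate=True)
        except (binascii.Error, ValueError) as exc:
            raise ValueError("invalid base64 in Basic token") from exc
        # RFC 2617 form is user:password; only the first colon separates them
        user, colon, password = decoded.partition(b":")
        if not colon:
            raise ValueError("Basic token lacks ':' separator")
        return user.decode("latin-1"), password.decode("latin-1")
    return None


def check_request(request_text):
    """Classify a request before its credentials reach any fixed-size buffer.
    Returns one of 'accept', 'reject:no-credentials', 'reject:malformed',
    'reject:oversized'."""
    try:
        creds = parse_basic_credentials(request_text)
    except ValueError:
        return "reject:malformed"
    if creds is None:
        return "reject:no-credentials"
    user, password = creds
    if len(user) > MAX_USER_LEN or len(password) > MAX_PASS_LEN:
        return "reject:oversized"
    return "accept"


def build_request(user, password):
    """Build a constructed sample request carrying Basic credentials."""
    token = base64.b64encode(f"{user}:{password}".encode("latin-1")).decode("ascii")
    return (
        "GET /admin/index.html HTTP/1.0\r\n"
        "Connection: Keep-Alive\r\n"
        f"Authorization: Basic {token}\r\n"
        "\r\n"
    )


# Constructed sample inputs: a normal login and one whose username is far
# longer than any legitimate account name.
NORMAL_REQUEST = build_request("admin", "secret")
OVERSIZED_REQUEST = build_request("A" * 600, "x")
MALFORMED_REQUEST = (
    "GET /admin/index.html HTTP/1.0\r\n"
    "Authorization: Basic not*valid*base64\r\n\r\n"
)

if __name__ == "__main__":
    samples = [("normal", NORMAL_REQUEST), ("oversized", OVERSIZED_REQUEST),
               ("malformed", MALFORMED_REQUEST)]
    for label, req in samples:
        print(f"{label:10s} -> {check_request(req)}")
```

The length test runs on the decoded fields, not on the base64 token: the encoding inflates the length by a third, so a limit applied to the raw header would be looser than intended, and it is the decoded bytes that land in the server's buffer.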
Exploit code:
An example code has been written for the latest (at present) freely
available NT version of RealServer G2 and is available at:
- <http://www.beavuh.org/exploits/realown.exe> RealServer G2 [NT] binary
- <http://www.beavuh.org/exploits/realown.asm> RealServer G2 [NT] source
The exploit will spawn a command prompt on port 6968 and has been tested
extensively.
This was tested with a default installation - if RealServer is installed
in a different directory than the default, the buffer will need to be
adjusted accordingly.
ADDITIONAL INFORMATION
This vulnerability has been discovered by: <mailto:[EMAIL PROTECTED]>
dark spyrit.
========================================
-------
This mailing list is supported by:
>> http://www.indolinux.com - the Indonesian Linux world
-------------------------------------------------------------------
To unsubscribe, send email to [EMAIL PROTECTED]
To see the list rules, send email to [EMAIL PROTECTED]
The archive is at http://www.mail-archive.com/[email protected]