RealNetworks issues flaw alert in Helix

News

RealNetworks issues flaw alert in Helix

RealNetworks has issued a security warning for its customers, after finding a vulnerability in its Helix Universal Server 9 platform.

The vulnerability is a root exploit where certain types of character strings appear in large numbers within the URLs destined for a server’s protocol parsers, the company said.

Along with the Server 9 platform, earlier versions of the server including RealSystem Server 8, 7 and RealServer G2, are also vulnerable to the security flaw, which could see attackers gaining access to users’ systems.

Customers are being told to remove the RealNetworks View Source plug-in from the /Plugins directory - vsrcplin.so and vsrcplin.dll - and to restart the server process.

The View Source Plug-in is responsible for reading and displaying file format headers of media files accessible to the file systems loaded by the server.

RealNetworks said the removal of the View Source Plug-in would not obstruct live streaming delivery or logging and authentication services but content browsing would be disabled.

While the removal of the View Source Plug-in is what the company calls a work-around for this issue, the company is working towards a more permanent solution by making a new version of the Helix Universal Server, which will be available to all existing customers.

Real’s proxy products are immune to the exploit.

The alert can be found at www.service.real.com/help/faq/security/rootexploit082203.html.

Written by IT World Canada staff


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy