TechTarget

RealNetworks issues flaw alert in Helix

RealNetworks has issued a security warning for its customers, after finding a vulnerability in its Helix Universal Server 9...

RealNetworks has issued a security warning for its customers, after finding a vulnerability in its Helix Universal Server 9 platform.

The vulnerability is a root exploit where certain types of character strings appear in large numbers within the URLs destined for a server’s protocol parsers, the company said.

Along with the Server 9 platform, earlier versions of the server including RealSystem Server 8, 7 and RealServer G2, are also vulnerable to the security flaw, which could see attackers gaining access to users’ systems.

Customers are being told to remove the RealNetworks View Source plug-in from the /Plugins directory - vsrcplin.so and vsrcplin.dll - and to restart the server process.

The View Source Plug-in is responsible for reading and displaying file format headers of media files accessible to the file systems loaded by the server.

RealNetworks said the removal of the View Source Plug-in would not obstruct live streaming delivery or logging and authentication services but content browsing would be disabled.

While the removal of the View Source Plug-in is what the company calls a work-around for this issue, the company is working towards a more permanent solution by making a new version of the Helix Universal Server, which will be available to all existing customers.

Real’s proxy products are immune to the exploit.

The alert can be found at www.service.real.com/help/faq/security/rootexploit082203.html.

Written by IT World Canada staff

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close