RealNetworks has issued a security warning for its customers, after finding a vulnerability in its Helix Universal Server 9 platform.
The vulnerability allows a root exploit when certain types of character strings appear in large numbers within URLs destined for the server’s protocol parsers, the company said.
Along with the Server 9 platform, earlier versions of the server, including RealSystem Server 8, 7 and RealServer G2, are also vulnerable to the security flaw, which could let attackers gain access to users’ systems.
Customers are being told to remove the RealNetworks View Source Plug-in (the files vsrcplin.so and vsrcplin.dll) from the /Plugins directory and to restart the server process.
The View Source Plug-in is responsible for reading and displaying file format headers of media files accessible to the file systems loaded by the server.
RealNetworks said the removal of the View Source Plug-in would not obstruct live streaming delivery or logging and authentication services, but content browsing would be disabled.
The company calls the removal of the View Source Plug-in a work-around for this issue and is working towards a more permanent solution: a new version of the Helix Universal Server, which will be available to all existing customers.
Real’s proxy products are immune to the exploit.
The alert can be found at www.service.real.com/help/faq/security/rootexploit082203.html.
Written by IT World Canada staff