RealNetworks has issued a security warning for its customers, after finding a vulnerability in its Helix Universal Server 9 platform.
The vulnerability is a root exploit where certain types of character strings appear in large numbers within the URLs destined for a server’s protocol parsers, the company said.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Along with the Server 9 platform, earlier versions of the server including RealSystem Server 8, 7 and RealServer G2, are also vulnerable to the security flaw, which could see attackers gaining access to users’ systems.
Customers are being told to remove the RealNetworks View Source plug-in from the /Plugins directory - vsrcplin.so and vsrcplin.dll - and to restart the server process.
The View Source Plug-in is responsible for reading and displaying file format headers of media files accessible to the file systems loaded by the server.
RealNetworks said the removal of the View Source Plug-in would not obstruct live streaming delivery or logging and authentication services but content browsing would be disabled.
While the removal of the View Source Plug-in is what the company calls a work-around for this issue, the company is working towards a more permanent solution by making a new version of the Helix Universal Server, which will be available to all existing customers.
Real’s proxy products are immune to the exploit.
The alert can be found at www.service.real.com/help/faq/security/rootexploit082203.html.
Written by IT World Canada staff