RealNetworks issues flaw alert in Helix

RealNetworks has issued a security warning for its customers, after finding a vulnerability in its Helix Universal Server 9...

RealNetworks has issued a security warning for its customers, after finding a vulnerability in its Helix Universal Server 9 platform.

The vulnerability is a root exploit where certain types of character strings appear in large numbers within the URLs destined for a server’s protocol parsers, the company said.

Along with the Server 9 platform, earlier versions of the server including RealSystem Server 8, 7 and RealServer G2, are also vulnerable to the security flaw, which could see attackers gaining access to users’ systems.

Customers are being told to remove the RealNetworks View Source plug-in from the /Plugins directory - vsrcplin.so and vsrcplin.dll - and to restart the server process.

The View Source Plug-in is responsible for reading and displaying file format headers of media files accessible to the file systems loaded by the server.

RealNetworks said the removal of the View Source Plug-in would not obstruct live streaming delivery or logging and authentication services but content browsing would be disabled.

While the removal of the View Source Plug-in is what the company calls a work-around for this issue, the company is working towards a more permanent solution by making a new version of the Helix Universal Server, which will be available to all existing customers.

Real’s proxy products are immune to the exploit.

The alert can be found at www.service.real.com/help/faq/security/rootexploit082203.html.

Written by IT World Canada staff

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...

SearchNetworking

SearchDataCenter

SearchDataManagement

Close