RealNetworks Helix Server < 13.0.0 Multiple Remote DoS

medium Nessus Plugin ID 40350

Synopsis

The remote media streaming server is affected by multiple denial of service vulnerabilities.

Description

According to its banner, the remote host is running version 12.x of RealNetworks Helix Server / Helix Mobile Server. Such versions are reportedly affected by multiple issues:

- By sending a specially crafted 'RTSP' (SET_PARAMETERS) request with a 'DataConvertBuffer' parameter and either no 'Content-Length' header or an invalid 'Content-Length' header, an attacker may be able to crash the remote Helix server process. (CVE-2009-2533)

- By sending a 'SETUP' request without including a '/' character in it, a remote attacker may be able to crash the remote Helix server process. (CVE-2009-2534)

Solution

Update to RealNetworks Helix Server / Helix Mobile Server 13.0.0 or later.

See Also

http://www.coresecurity.com/content/real-helix-dna

https://seclists.org/bugtraq/2009/Jul/121

http://docs.real.com/docs/security/SecurityUpdate071409HS.pdf

Plugin Details

Severity: Medium

ID: 40350

File Name: helix_svr_13_multiple.nasl

Version: 1.9

Type: remote

Family: Misc.

Published: 7/21/2009

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/14/2009

Vulnerability Publication Date: 7/17/2009

Reference Information

CVE: CVE-2009-2533, CVE-2009-2534

BID: 35731, 35732

CWE: 20

Secunia: 35815