Vulnerabilities > CVE-2003-0725 - Unspecified vulnerability in Realnetworks Helix Universal Server and Realserver

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
realnetworks
nessus
exploit available
NVD
Published: 2003-10-20
Updated: 2024-11-20

Summary

Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code.

Vulnerable Configurations

Part Description Count
Application
Realnetworks
12

Exploit-Db

descriptionReal Server 7/8/9 Remote Root Exploit (Windows & Linux). CVE-2003-0725. Remote exploits for multiple platform
idEDB-ID:86
last seen2016-01-31
modified2003-08-25
published2003-08-25
reporterJohnny Cyberpunk
sourcehttps://www.exploit-db.com/download/86/
titleReal Server 7/8/9 - Remote Root Exploit Windows & Linux

Nessus

NASL familyGain a shell remotely
NASL idHELIX_OVERFLOW.NASL
descriptionThe remote host is running RealServer or Helix Universal Server, media streaming servers. According to its banner, the version of the server installed on the remote host may be affected by a buffer overflow vulnerability when handling URLs with many
last seen2020-06-01
modified2020-06-02
plugin id11642
published2003-05-21
reporterThis script is Copyright (C) 2003-2018 Montgomery County Maryland Government Security Team
sourcehttps://www.tenable.com/plugins/nessus/11642
titleHelix Servers View Source Plug-in RTSP Parser Overflow
code
#
# This script was written by Keith Young
#
# See the Nessus Scripts License for details
#

# Changes by Tenable:
# - Revised plugin title, family change (8/15/09)


include("compat.inc");

if(description)
{
 script_id(11642);
 script_version ("1.21");

 script_cve_id("CVE-2003-0725");
 script_bugtraq_id(8476);
 
 script_name(english:"Helix Servers View Source Plug-in RTSP Parser Overflow");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote media streaming server is susceptible to buffer overflow
attacks." );
 script_set_attribute(attribute:"description", value:
"The remote host is running RealServer or Helix Universal Server, media
streaming servers. 

According to its banner, the version of the server installed on the
remote host may be affected by a buffer overflow vulnerability when
handling URLs with many '/' characters and another when handling
unspecified RTSP methods.  Using a specially crafted request, an
attacker may be able to leverage either of these issues to execute
arbitrary code subject to the privileges of the user under which the
server operates, generally root or Administrator." );
 # https://web.archive.org/web/20030804003324/http://service.real.com/help/faq/security/bufferoverrun030303.html
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7b272fb" );
 # http://web.archive.org/web/20031005094136/http://lists.immunitysec.com/pipermail/dailydave/2003-August/000030.html
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d552d421" );
 # https://web.archive.org/web/20030828052345/http://www.service.real.com/help/faq/security/rootexploit082203.html
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?12fa2abc" );
 # https://web.archive.org/web/20031005080411/http://www.service.real.com/help/faq/security/rootexploit091103.html
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?296d4dc9" );
 script_set_attribute(attribute:"solution", value:
"Install the Helix Universal Server 9.01 Security Update or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');
 script_set_attribute(attribute:"plugin_publication_date", value: "2003/05/21");
 script_set_attribute(attribute:"vuln_publication_date", value: "2003/08/22");
 script_cvs_date("Date: 2018/08/22 16:49:14");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
 script_summary(english:"RealServer and Helix Server Overflow");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2003-2018 Montgomery County Maryland Government Security Team");
 script_family(english:"Gain a shell remotely");
 script_dependencie("rtsp_detect.nasl");
 script_require_ports("Services/rtsp", 554);
 exit(0);
}

#
# Open the connection on port 554 and send the OPTIONS string
#

 port = get_kb_item("Services/rtsp");
 if(!port)port = 554;
 if (get_port_state(port))
 {
  soc = open_sock_tcp(port);
  if (soc)
  {
   data = string("OPTIONS * RTSP/1.0\r\n\r\n");
   send(socket:soc, data:data);
   header = recv(socket:soc, length:1024);
   if(("RTSP/1" >< header) && ("Server:" >< header)) {
     server = egrep(pattern:"Server:",string:header);

# Currently, all versions up to and including 9.0.1 are affected

     if( (egrep(pattern:"Version [0-8]\.[0-9]", string:server)) ||
         (egrep(pattern:"Version 9\.0\.[0-1]", string:server)) ) {
      security_hole(port);
     }
   }
  close(soc);
  }
 }

References