Bugtraq: Re: Remote DoS attack in Real Networks Real Server (Strike #2) vulnerability

From: Christopher Schulte <christopher_at_SCHULTE.ORG>
Date: Fri, 2 Jun 2000 15:14:04 -0500

Confirmed fixed, Ryan, on both the 7 and 8 series of realserver.

It should be noted that the 6.x series does not have the 'viewsource'
variable available, so it's undoubtedly unaffected. When I pull up the DoS
url on a 6 server, I get a 404. Just like what happens when I comment out
the VAR in the 7 and 8 cfg files.

Looks like just 7 and 8 are affected.

Thanks for this fix........

At 05:02 PM 6/1/00 -0700, Ryan Russell wrote:
>I believe I have a temporary workaround.
>
>In the rmserver.cfg file, there's a section like this:
>
><!-- H T T P S U P P O R T -->
><List Name="HTTPDeliverable">
> <Var Path_0="/admin"/>
> <Var Path_1="/ramgen"/>
> <Var Path_2="/farm"/>
> <Var Path_3="/httpfs"/>
> <Var Path_4="/viewsource"/>
></List>
>
>On my Real server, I've removed this line:
><Var Path_4="/viewsource"/>
>
>I *think* this only has the consequence that people can't pull down file
>details for audio content for the moment. We can still serve up audio
>just fine.
>
> Ryan

--
Christopher Schulte | christopher_at_schulte.org
cell:612.986.4859   | home:651.225.4557 | fax: 651.315.3339
page:612.264.1115   | free:877.271.9245 | site: schulte.org
COMING SOON http://SchulteConsulting.COM/
reliable computer consulting at a fair price.
Received on Jun 03 2000
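
An added example, not part of either post: a Python check for the workaround discussed in this thread. It reports whether `/viewsource` is still an active entry in the `HTTPDeliverable` list of an rmserver.cfg and returns the text with that line removed. The sample config is constructed from the excerpt quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the rmserver.cfg excerpt quoted in the thread.
SAMPLE_CFG = """<!-- H T T P S U P P O R T -->
<List Name="HTTPDeliverable">
    <Var Path_0="/admin"/>
    <Var Path_1="/ramgen"/>
    <Var Path_2="/farm"/>
    <Var Path_3="/httpfs"/>
    <Var Path_4="/viewsource"/>
</List>
"""

LIST_RE = re.compile(r'<List\s+Name="HTTPDeliverable"\s*>(.*?)</List>', re.S | re.I)
VAR_RE = re.compile(r'<Var\s+Path_\d+="([^"]*)"\s*/>', re.I)
COMMENT_RE = re.compile(r"<!--.*?-->", re.S)
TARGET = "/viewsource"

def _active_paths(fragment):
    """Paths from <Var Path_N=.../> entries, ignoring commented-out ones."""
    return VAR_RE.findall(COMMENT_RE.sub("", fragment))

def http_deliverable_paths(cfg_text):
    """Active paths in the HTTPDeliverable list (empty if the list is absent)."""
    m = LIST_RE.search(cfg_text)
    return _active_paths(m.group(1)) if m else []

def viewsource_exposed(cfg_text):
    """True if /viewsource is still an active HTTPDeliverable entry."""
    return any(p.rstrip("/").lower() == TARGET for p in http_deliverable_paths(cfg_text))

def apply_workaround(cfg_text):
    """Return cfg_text with the active /viewsource line dropped from the list."""
    m = LIST_RE.search(cfg_text)
    if not m:
        return cfg_text
    kept = [ln for ln in m.group(1).splitlines(keepends=True)
            if not any(p.rstrip("/").lower() == TARGET for p in _active_paths(ln))]
    return cfg_text[:m.start(1)] + "".join(kept) + cfg_text[m.end(1):]

if __name__ == "__main__":
    print("before:", http_deliverable_paths(SAMPLE_CFG), viewsource_exposed(SAMPLE_CFG))
    fixed = apply_workaround(SAMPLE_CFG)
    print("after: ", http_deliverable_paths(fixed), viewsource_exposed(fixed))
```

An entry that is already commented out, as described in the reply, is treated as inactive and left in place.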