Home page logo

bugtraq logo Bugtraq mailing list archives

Re: RealServer exposes internal IP addresses
From: monwel () INTERHACK NET (Doug Monroe)
Date: Thu, 9 Mar 2000 11:18:37 -0500

tschweikle () FIDUCIA DE wrote:
RealServer exposes internal IP addresses if requested to
deliver real media files: -> HTTP
  GET /ramgen/extern/genoverb/weinkauf.rm HTTP/1.0 -> HTTP
  (proxy) R port=1210 -> HTTP
  HTTP/1.0 200 OK -> HTTP
The Server is located inside a DMZ. Network-Address
translation is in effect from internet as is from campus.
In my opinion this may be usedfull for an intruder, and
RealNetworks should fix this. I've informed them about
6 weeks ago, calling them again four weeks later, then
14 days ago, but no reaction on there side until now.

FWIW - some time ago (Sept.99) I addressed this issue with Real. I sent them
a similar bit of info:
$ GET http://realg2.example.com:8080/ramgen/foo.rm
server info:
WinNT Version

I got this reply:
1. Add the following line to the end of your rmserver.cfg:
<Var HostName="IP-or-HostName"/>
2. In the URL add the text "?usehostname"
so that your URL will look like:
The variable <Var HostName="IP-or-HostName"/>  is only supported in
the RealServer 6.1 Beta version.

I don't have any idea what version they're up to currently or if any of
this indeed works...
I lost interest myself.

Doug Monroe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]