Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23721
HistoryApr 29, 2010 - 12:00 a.m.

Security Update for Helix Server and Helix Mobile Server

2010-04-2900:00:00
vulners.com
21

Updated April 14, 2010

RealNetworks is making available product upgrades that contain security bug fixes.

RealNetworks, Inc. has addressed three recently discovered security vulnerabilities.
RealNetworks takes all security vulnerabilities extremely seriously and provides
this information as an aid for users to avoid any potential exploits.

VULNERABILITY DESCRIPTION

CVE-­2010-­1317:
Remotely Exploitable: YES

RealNetworks Helix Server NTLM Authentication Invalid Base64 Heap Overflow
Vulnerability

CVE-­2010-­1318
Remotely Exploitable: YES

Remote exploitation of a stack-­‐based buffer overflow vulnerability within AgentX++,
as distributed with multiple vendors' products, allows attackers to execute arbitrary
code with the privileges of the AgentX master process.

CVE-­2010-­1319
Remotely Exploitable: YES

Remote exploitation of an integer overflow vulnerability within AgentX++, as
distributed with multiple vendors' products, allows attackers to execute arbitrary
code with the privileges of the AgentX master process.

Impacted Products and Versions:
-­‐ Helix Server Version 11.x, 12.x, 13.x
-­‐ Helix Mobile Server Version 11.x, 12.x, 13.x

FIX:
Version 14.0.0 of the Helix Server and the Helix Mobile Server have been updated to
ensure that the above vulnerabilities have been resolved.

SOLUTION:
The vulnerability is resolved on the following platforms by installing Version 14.0.0
of the Helix Server and the Helix Mobile Server. This only pertains to supported
versions of the platforms listed below. The updated version will be available on your
RealNetworks PAM site after 12:00 am PST, on April 14, 2010.

-­‐ Red Hat Enterprise Linux 5
-­‐ Sun Solaris 10
-­‐ Windows 2008
-­‐ Windows 2003

ACKNOWLEDGMENT:
RealNetworks would like to thank Manuel Santamarina Suarez, Joshua J. Drake, and
other anonymous contributors for bringing these exploits to our attention.

WARRANTY:
While RealNetworks endeavors to provide you with the highest quality products
and services, we cannot guarantee and do not warrant that the operation of any
RealNetworks product will be error-­‐free, uninterrupted or secure. See your original
license agreement for details of our limited warranty or warranty disclaimer.