|
|
|
Credit:
The information has been provided by Santamarina Suarez.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=867
|
|
Vulnerable Systems:
* RealNetworks Helix Server v12 on Linux
* RealNetworks Helix Server v12 on Windows 2003 SP2
* AgentX++ source code v1.4.16
This vulnerability exists within the AgentX::receive_agentx function. By sending multiple blocks of data to the vulnerable function, an attacker could overwrite the data following the stack buffer, including the saved return address
Exploitation allows an attacker to execute arbitrary code with the privileges of the running AgentX master process. In order to exploit this vulnerability, the attacker must be able to connect to the AgentX master port, usually TCP port 705. No authentication is required.
In the case of RealNetworks Helix Server v12, there is an option to install the AgentX master as an NT service. If installed in this way, the AgentX master will run with SYSTEM privileges. The privileges with which this process runs varies in other situations.
Although the issue is present in the Linux version of Helix Server v12, it is not exploitable due to stack buffer padding added by the GNU compiler. Reliable code execution has been confirmed on Windows targets.
Patch Availability:
RealNetworks Inc. has released a patch which addresses this issue. For more information, consult their advisory at the following URL.
http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf
CVE Information:
CVE-2010-1318
Disclosure Timeline:
11/03/2008 Initial Vendor Notification
01/14/2009 Initial Vendor Reply
04/15/2010 Coordinated Public Disclosure
|
|
|
|