Short Name | APP:REAL:HELIX-NTLM-OF |
---|---|
Severity | Major |
Recommended | No |
Recommended Action | Drop |
Category | APP |
Keywords | RealNetworks Helix Server NTLM Authentication Heap Overflow |
Release Date | 2010/10/14 |
Update Number | 1792 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known heap-based buffer overflow vulnerability in RealNetworks Helix Server products. The vulnerability is due to an error when handling Base64-encoded NTLM authentication data. A remote unauthenticated attacker can exploit this by sending a maliciously crafted request to the target server. A successful attack can allow for arbitrary code injection and execution with the privileges of the server process. Code injection that does not result in execution could terminate the application due to memory corruption and can result in a denial-of-service condition.

RealNetworks Helix Server and Helix Mobile Server are prone to a remote heap-based buffer-overflow vulnerability during NTLM authentication. Exploiting this issue may allow attackers to gain unauthorized access to affected computers. Failed attempts may cause the affected application to crash, denying service to legitimate users. This issue affects versions prior to Helix Server and Helix Mobile Server 14.0. NOTE: This BID was formerly titled 'RealNetworks Helix and Helix Mobile Server Multiple Remote Code Execution Vulnerabilities' and covered three vulnerabilities; the two AgentX issues have received their own records (39561 AgentX++ 'AgentX::receive_agentx()' Remote Code Execution Vulnerability and 39564 AgentX++ 'AgentX::receive_agentx()' Remote Stack Buffer Overflow Vulnerability) to better document them.