HelixServer.xml
<Vulns> <Vulnerability addData="2005-01-17" gvid="ID104069" id="104069" modifyDate="2012-07-31"> <cvsscode>6.8</cvsscode> <severity>Severe</severity> <name>RealNetworks Helix Administration Service POST Buffer Overflow</name> <Tags> <tag></tag> </Tags> <cvss></cvss> <Description>Certain versions of RealNetworks Helix Universal Server are vulnerable to a remotely exploitable buffer overflow condition when a specially crafted HTTP POST request is sent to the Administration Service. Note: a malicious user must have a valid login to the Helix Administration Service to exploit this vulnerability.</Description> <cnnvd>CNNVD-200402-084</cnnvd> <AlternateIds> <id name="CVE">CVE-2004-0049</id> </AlternateIds> <Solutions>Vendor patch:
Real Networks
-------------
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page:
Helix Universal Server & Gateway 9
Compaq
<a href="
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Compaq+Tru64+5.1+%26+5.1A&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server" target="_blank">
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Compaq+Tru64+5.1+%26+5.1A&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server</a>
FreeBSD
<a href="
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=FreeBSD+4.0+%26+4.5&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server" target="_blank">
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=FreeBSD+4.0+%26+4.5&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server</a>
HP UX
<a href="
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=HP+UX+11.0+%26+11.i&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server" target="_blank">
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=HP+UX+11.0+%26+11.i&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server</a>
IBM AIX
<a href="
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=IBM+AIX+4.3+%26+5L&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server" target="_blank">
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=IBM+AIX+4.3+%26+5L&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server</a>
Linux
<a href="
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Linux+version+2.4.18&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server" target="_blank">
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Linux+version+2.4.18&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server</a>
Sun Solaris 2.7
<a href="
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Sun+Solaris+2.7&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server" target="_blank">
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Sun+Solaris+2.7&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server</a>
Sun Solaris 2.8
<a href="
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Sun+Solaris+2.8&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server" target="_blank">
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Sun+Solaris+2.8&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server</a>
Windows
<a href="
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Windows+NT+4.0+%26+2000&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server" target="_blank">
http://forms.real.com/rnforms/products/servers/download/download.final.html?platform=Windows+NT+4.0+%26+2000&product=Helix+Universal+Server&program=basic&version=Helix+Universal+Server</a>
Helix Universal Mobile & Gateway 10:
Replace the file in the /Plugins directory with the following file:
Solaris 2.8
<a href="
http://docs.real.com/docs/022604_pluginupdate/solaris/adminfs.so_sunos-58.gz" target="_blank">
http://docs.real.com/docs/022604_pluginupdate/solaris/adminfs.so_sunos-58.gz</a>
Linux
<a href="
http://docs.real.com/docs/022604_pluginupdate/linux/adminfs.so_linux.gz" target="_blank">
http://docs.real.com/docs/022604_pluginupdate/linux/adminfs.so_linux.gz</a></Solutions> <Check scope="endpoint"> <NetworkService type="HTTP|HTTPS">
<Product name="Helix Server">
<version>
<range> <low>9.0.0.0</low> <high>9.0.2.882</high> </range>
</version>
<version>
<range> <low>10.0.0.0</low> <high>10.1.1.121</high> </range>
</version>
</Product>
<Product name="Helix DNA Server">
<version>
<range> <low>9.0.0.0</low> <high>9.0.2.882</high> </range>
</version>
<version>
<range> <low>10.0.0.0</low> <high>10.1.1.121</high> </range>
</version>
</Product>
<Product name="RealServer">
<version>
<range> <low>9.0.0.0</low> <high>9.0.2.882</high> </range>
</version>
<version>
<range> <low>10.0.0.0</low> <high>10.1.1.121</high> </range>
</version>
</Product>
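</NetworkService> </Check> </Vulnerability> <Vulnerability addData="2005-01-17" gvid="ID104071" id="104071" modifyDate="2012-07-31"> <cvsscode>7.8</cvsscode> <severity>Critical</severity> <name>Helix Negative Content Length Denial of Service</name> <Tags> <tag></tag> </Tags> <cvss></cvss> <Description>Certain versions of Helix Server are vulnerable to a denial-of-service attack, and possibly even a remote root compromise. The issue stems from incorrect parsing of a negative HTTP &#39;Content-Length&#39; field, which can be sent by an unauthenticated remote attacker.</Description> <AlternateIds> <id name="CVE"></id> </AlternateIds> <Solutions>The vendor has not yet provided a patch or upgrade for this vulnerability. Users of this software are advised to watch the vendor's home page for the latest version: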
https://www.alice-dsl.de/</Solutions> <Check scope="endpoint"> <NetworkService type="HTTP|HTTPS">
<Product name="Helix Server">
<version>
<range> <low>0.0.0.0</low> <high>9.0.4.960</high> </range>
</version>
</Product>
<Product name="Helix DNA Server">
<version>
<range> <low>0.0.0.0</low> <high>9.0.4.960</high> </range>
</version>
</Product>
<Product name="RealServer">
<version>
<range> <low>0.0.0.0</low> <high>9.0.4.960</high> </range>
</version>
</Product>
</NetworkService> </Check> </Vulnerability> <Vulnerability addData="2005-01-18" gvid="ID104073" id="104073" modifyDate="2013-12-04"> <cvsscode>7.5</cvsscode> <severity>Critical</severity> <name>RealNetworks RealServer and Helix DESCRIBE Buffer Overflow</name> <Tags> <tag></tag> </Tags> <cvss></cvss> <Description>Certain versions of RealNetworks Helix Universal Server are vulnerable to a remotely exploitable buffer overflow condition when a specially crafted DESCRIBE request is sent to the server.</Description> <cnnvd></cnnvd> <AlternateIds> <id name="CVE">CVE-2003-0725,CVE-2002-1643</id> </AlternateIds> <Solutions></Solutions> <Check scope="endpoint"> <NetworkService type="HTTP|HTTPS">
<Product name="Helix Server">
<version>
<range> <low>9.0.0.0</low> <high>9.0.2.802</high> </range>
</version>
</Product>
<Product name="Helix DNA Server">
<version>
<range> <low>9.0.0.0</low> <high>9.0.2.802</high> </range>
</version>
</Product>
<Product name="RealServer">
<version>
<range> <low>9.0.0.0</low> <high>9.0.2.802</high> </range>
</version>
</Product>
</NetworkService> </Check> </Vulnerability> <Vulnerability addData="2005-01-18" gvid="ID104075" id="104075" modifyDate="2015-02-13"> <cvsscode>7.8</cvsscode> <severity>Critical</severity> <name>RealNetworks Helix Universal Server Request Denial of Service</name> <Tags> <tag></tag> </Tags> <cvss></cvss> <Description>Certain versions of RealNetworks Helix Universal Server are vulnerable to a denial-of-service attack when malformed GET_PARAMETER and DESCRIBE requests are sent.</Description> <cnnvd>CNNVD-200406-023</cnnvd> <AlternateIds> <id name="CVE">CVE-2004-0389</id> </AlternateIds> <Solutions>Vendor patch:
Real Networks
-------------
The vendor has not yet provided a patch or upgrade. We advise users of this software to watch the vendor's home page for the latest version:
<a href="
http://www.real.com" target="_blank">
http://www.real.com</a></Solutions> <Check scope="endpoint"> <NetworkService type="HTTP|HTTPS">
<Product name="Helix Server">
<version>
<range> <low>9.0.0.0</low> <high>9.0.3.916</high> </range>
</version>
</Product>
<Product name="Helix DNA Server">
<version>
<range> <low>9.0.0.0</low> <high>9.0.3.916</high> </range>
</version>
</Product>
<Product name="RealServer">
<version>
<range> <low>9.0.0.0</low> <high>9.0.3.916</high> </range>
</version>
</Product>
</NetworkService> </Check> </Vulnerability> <Vulnerability addData="2005-01-18" gvid="ID104076" id="104076" modifyDate="2012-07-31"> <cvsscode>9.3</cvsscode> <severity>Critical</severity> <name>RealNetworks RealServer and Helix Universal Server Node RTSP URI Buffer Overflow</name> <Tags> <tag></tag> </Tags> <cvss></cvss> <Description>Certain versions of RealNetworks RealServer and Helix Universal Server are vulnerable to a remotely exploitable buffer overflow condition when the URI of an RTSP request is checked.</Description> <AlternateIds> <id name="CVE"></id> </AlternateIds> <Solutions>The vendor has not yet provided a patch or upgrade for this vulnerability. Users of this software are advised to watch the vendor's home page for the latest version:
https://www.alice-dsl.de/</Solutions> <Check scope="endpoint"> <NetworkService type="HTTP|HTTPS">
<Product name="Helix Server">
<version>
<range> <low>0.0.0.0</low> <high>8.0.2.471</high> </range>
</version>
</Product>
<Product name="Helix DNA Server">
<version>
<range> <low>0.0.0.0</low> <high>8.0.2.471</high> </range>
</version>
</Product>
<Product name="RealServer">
<version>
<range> <low>0.0.0.0</low> <high>8.0.2.471</high> </range>
</version>
</Product>
</NetworkService> </Check> </Vulnerability></Vulns>