2411.txt

来自「This is the snapshot of Snot Latest Rule」· 文本 代码 · 共 58 行

Rule:  

--
Sid:
2411

--
Summary:
This event is generated when an attempt is made to exploit a known vulnerability in RealNetworks Helix Media Server.

--
Impact:
Serious. Execution of arbitrary code is possible.

--
Detailed Information:
Versions of RealNetworks Helix Media Server and RealSystem Server are vulnerable to a buffer overflow condition that may present the attacker with the opportunity to execute code of their choosing on the target system.

This may then present the attacker with the opportunity to gain a remote root shell, thus compromising the system.

--
Affected Systems:
Helix Universal Server 9.01, versions 9.0.2.794 and earlier
RealSystem Server 8.0 & 7.0

--
Attack Scenarios:
The attacker may probe for the existence of an affected server and then use one of the publicly available scripts to exploit the service.

--
Ease of Attack:
Simple. Exploits exists.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Apply the appropriate vendor supplied patches.

Upgrade to the latest non-affected version of the software.

--
Contributors:
Sourcefire Vulnerability Research Team
Matt Watchinski <mwatchinski@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

--