2411.txt

来自「snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具」· 文本 代码 · 共 67 行

Rule:  

--
Sid:
2411

--
Summary:
This event is generated when an attempt is made to exploit a known
vulnerability in RealNetworks Helix Media Server.

--
Impact:
Serious. Execution of arbitrary code is possible.

--
Detailed Information:
Versions of RealNetworks Helix Media Server and RealSystem Server are
vulnerable to a buffer overflow condition that may present the attacker
with the opportunity to execute code of their choosing on the target
system.

This may then present the attacker with the opportunity to gain a remote
root shell, thus compromising the system.

--
Affected Systems:
	 Helix Universal Server 9.01, versions 9.0.2.794 and earlier
	  RealSystem Server 8.0 & 7.0

--
Attack Scenarios:
The attacker may probe for the existence of an affected server and then
use one of the publicly available scripts to exploit the service.

--
Ease of Attack:
Simple. Exploits exists.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Apply the appropriate vendor supplied patches.

Upgrade to the latest non-affected version of the software.

--
Contributors:
Sourcefire Research Team
Matt Watchinski <mwatchinski@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

RealNetworks
http://www.service.real.com/help/faq/security/rootexploit091103.html

--