snort-2.3.3-2.3.20060mdk.x86_64.rpm

Rule:

--
Sid:
276

--
Summary:
This event is generated when a remote attacker transmits a malformed 
request for a page on a RealNetworks RealServer port, which can indicate
a Denial of Service (DoS) attack on the RealServer.

--
Impact:
The RealNetworks RealServer service will crash.

--
Detailed Information:
RealNetworks RealServer is a server application that serves streaming 
audio to clients. When an attacker sends a request for a template file 
in the /viewsource/ directory with an empty variable value, RealServer 
crashes.   

--
Affected Systems:
Systems running RealNetworks RealServer 7.0 with View Source 
functionality enabled.

--
Attack Scenarios:
An attacker sends an HTTP request for /viewsource/template.html? on a 
RealServer audio server. RealServer crashes, stopping audio 
transmission.
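
Added example, not part of the original rule documentation or of the Snort rule itself: a log-side check for the request pattern described above, run over constructed request lines. It assumes "empty variable value" means a query string that is either empty or carries a parameter with no value; the function names and the `file` parameter are hypothetical.

```python
import posixpath
from urllib.parse import parse_qsl, unquote

# Constructed sample request lines (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /viewsource/template.html? HTTP/1.0",               # empty query
    "GET /viewsource/template.html?file= HTTP/1.0",          # empty value
    "GET /ViewSource/%74emplate.html? HTTP/1.1",             # case + encoding
    "GET /viewsource/template.html?file=intro.rm HTTP/1.0",  # normal use
    "GET /index.html? HTTP/1.0",                             # other path
    "GET /docs/../viewsource/template.html? HTTP/1.0",       # dot segments
    "garbage",                                               # not a request
]


def is_viewsource_empty_query(request_line):
    """True if the request targets /viewsource/ with an empty variable value."""
    parts = request_line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return False
    raw_path, marker, raw_query = parts[1].partition("?")
    if not marker:
        return False  # no '?' at all, so no variable is being passed
    # Normalise so encoding, case and dot segments cannot hide the path.
    path = posixpath.normpath(unquote(raw_path)).lower()
    path = "/" + path.lstrip("/")
    if not path.startswith("/viewsource/"):
        return False
    if raw_query == "":
        return True
    pairs = parse_qsl(raw_query, keep_blank_values=True)
    return any(value == "" for _, value in pairs)


def scan(lines):
    """Return the request lines that match the pattern."""
    return [line for line in lines if is_viewsource_empty_query(line)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print("ALERT:", hit)
```
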

--
Ease of Attack:
Simple. 

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to the latest version of the software or disable the View Source 
functionality. The vendor has issued an advisory, workarounds, and 
downloadable patches at http://service.real.com/help/faq/servgviewsrc.html.

--
Contributors:
Original rule writer unknown
Sourcefire Research Team
Sourcefire Technical Publications Team
Jen Harvey <jennifer.harvey@sourcefire.com>

--
Additional References:

RealNetworks
http://service.real.com/help/faq/servgviewsrc.html


--