Date: Thu, 20 Apr 2000 23:55:13 -0700 From: David Cotter <dcotter@REAL.COM> Subject: Remote DoS attack in RealServer To: BUGTRAQ@SECURITYFOCUS.COM On April 20th, 2000, a RealServer Denial of Service exploit potentially affecting all RealServers was brought to the attention of RealNetworks. The specific exploit involves a stack overflow in the PNA protocol handling scheme and can ultimately cause the RealServer to discontinue serving streams until the RealServer is restarted or "rebooted" by the System Administrator. We have not yet received reports of anyone actually being attacked with this exploit; however, we have prepared an update to the RealServer Software that will defeat this specific attack. Please go to the below URL for download instructions. http://service.real.com/help/faq/servg270.html ------------------------------------------------------------------------ Dave Cotter Program Manager, RealNetworks, Inc. Ph: 1 206 674 2491 Pgr: 206-975-5640