[LWN Logo]

Date:         Thu, 20 Apr 2000 23:55:13 -0700
From: David Cotter <dcotter@REAL.COM>
Subject:      Remote DoS attack in RealServer
To: BUGTRAQ@SECURITYFOCUS.COM

On April 20th, 2000, a RealServer Denial of Service exploit potentially
affecting all RealServers was brought to the attention of RealNetworks. The
specific exploit involves a stack overflow in the PNA protocol handling
scheme and can ultimately cause the RealServer to discontinue serving
streams until the RealServer is restarted or "rebooted" by the System
Administrator.

We have not yet received reports of anyone actually being attacked with
this exploit; however, we have prepared an update to the RealServer
Software that will defeat this specific attack.  Please go to the below URL
for download instructions.

http://service.real.com/help/faq/servg270.html


------------------------------------------------------------------------
Dave Cotter
Program Manager, RealNetworks, Inc.
Ph: 1 206 674 2491
Pgr: 206-975-5640