Technical Description
Two vulnerabilities have been identified in Helix DNA Server, which could be exploited by remote attackers to execute arbitrary commands.
The first issue is a buffer overflow in the RTSP service, which does not properly handle a malformed "User-Agent" header; remote attackers could exploit it to compromise a vulnerable server.
The second flaw is due to an unspecified error when parsing HTTP URL schemes, which could be exploited by remote attackers to execute arbitrary commands.
Affected Products
Helix DNA Server versions 10.0.x
Helix DNA Server versions 11.0.x
Solution
Upgrade to Helix DNA Server version 11.1:
https://helix-server.helixcommunity.org/2005/devdocs/builds