|
|
|
|
| |
Darwin Streaming Server is "an open source version of Apple's QuickTime Streaming Server technology that allows you to send streaming media to clients across the Internet using the industry standard RTP and RTSP protocols".
Remote exploitation of an input validation vulnerability in Apple's Darwin Streaming Server allows attackers to cause a denial of service condition. |
| |
Credit:
The information has been provided by iDEFENSE Security Labs.
The original article can be found at: http://www.idefense.com/application/poi/display?id=159&type=vulnerabilities
|
| |
Vulnerable Systems:
* Darwin Streaming Server versions 5.0.1, possibly prior
Immune Systems:
* Updated versions of Mac OS X client and server, see below
CVE Information:
CAN-2004-1123 - Darwin Streaming Server DESCRIBE Null Byte DoS
The vulnerability is caused by insufficient input validation of arguments passed with the DESCRIBE request. A remote attacker can send a request for a location containing a null byte to cause a denial of service condition resulting in the following backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1026 (LWP 9648)]
0x4207ac9e in chunk_free () from /lib/i686/libc.so.6
(gdb) bt
#0 0x4207ac9e in chunk_free () from /lib/i686/libc.so.6
#1 0x4207ac24 in free () from /lib/i686/libc.so.6
#2 0x08096406 in FindOrCreateSession (inPath=0x408caf3c,
inParams=0x81746f0, inData=0x0, isPush=0, foundSessionPtr=0x0) at
APIModules/QTSSReflectorModule/QTSSReflectorModule.cpp:1262
Impact
Successful exploitation allows any remote unauthenticated attacker to crash the targeted server, thereby preventing legitimate users from accessing streamed content.
Patch Availability:
The following updates are available for the Mac OS X client and server:
Mac OS X 10.2.8 Client
Mac OS X 10.2.8 Server
Mac OS X 10.3.6 Client
Mac OS X 10.3.6 Server
Disclosure Timeline:
09/10/2004 - Initial vendor notification
09/15/2004 - Initial vendor response
12/03/2004 - Coordinated public disclosure
|
|
|
|
|
|
|
|
|
|
