SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Multimedia)  >  QuickTime/Darwin Streaming Server Vendors:  Apple Computer
Apple Darwin Streaming Server DESCRIBE Buffer Overflow Lets Remote Users Deny Service
SecurityTracker Alert ID:  1009192
CVE Reference:  CAN-2004-0169   (Links to External Site)
Date:  Feb 24 2004
Impact:  Denial of service via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Advisory:  iDEFENSE
Version(s): 4.1.3
Description:  iDEFENSE reported a vulnerability in Apple's QuickTime Darwin Streaming Server. A remote user can cause denial of service conditions.

It is reported that a remote user can send a DESCRIBE request containing a specially crafted User-Agent fields. A User-Agent field that contains more than 255 characters can cause the error, the report said.

According to the report, a remote user can trigger the flaw to prevent users from accessing streamed content.

The vendor was reportedly notified on January 29, 2004.

The original advisory is available at:

http://www.idefense.com/application/poi/display?id=75
Impact:  A remote user can deny streaming service to other users.
Solution:  The vendor has issued a fix as part of Security Update 2004-02-23 for Mac OS X, available at:

* Software Update pane in System Preferences (Mac OS X 10.3.2 and Mac OS X 10.2.8)

* Apple's Software Downloads web site:

Mac OS X 10.3.2 Client
======================
http://www.info.apple.com/kbnum/n120323
The download file is named: "SecUpd2004-02-23Pan.dmg"
Its SHA-1 digest is: dfe48ca16839e693674cf55995986f11d8282777

Mac OS X 10.3.2 Server
======================
http://www.info.apple.com/kbnum/n120324
The download file is named: "SecUpdSrvr2004-02-23Pan.dmg"
Its SHA-1 digest is: cde0a40abe3c1451458b15c01b73910b18bc4530

Mac OS X 10.2.8 Client
======================
http://www.info.apple.com/kbnum/n120277
The download file is named: "SecUpd2004-02-23Jag.dmg"
Its SHA-1 digest is: 4ec49f05f206649353ae20edd9b87ddb0b42a84b

Mac OS X 10.2.8 Server
======================
http://www.info.apple.com/kbnum/n120322
The download file is named: "SecUpdSrvr2004-02-23Jag.dmg"
Its SHA-1 digest is: 79617234d288d45208531622a38f307a978f82d7

The vendor reports that QuickTime Streaming Server updates for platforms other than Mac OS X Server are available at:

http://developer.apple.com/darwin/projects/streaming/
Vendor URL:  www.apple.com/ (Links to External Site)
Cause:  Boundary error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  iDefense Labs <labs@iDefense.com>
Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 24 2004 (Apple Issues Fix) Apple Darwin Streaming Server DESCRIBE Buffer Overflow Lets Remote Users Deny Service   (Apple Product Security <product-security@apple.com>)
Apple has released a fix.


 Source Message Contents
Date:  Tue, 24 Feb 2004 02:03:57 -0500
From:  iDefense Labs <labs@iDefense.com>
Subject:  iDEFENSE Security Advisory 02.23.04: Darwin Streaming Server Remote

 

iDEFENSE Security Advisory 02.23.04

Darwin Streaming Server Remote Denial of Service Vulnerability
http://www.idefense.com/application/poi/display?id=75
February 23, 2004

I. BACKGROUND

Darwin Streaming Server is server technology allowing for the streaming
of QuickTime data to clients across the Internet using the industry
standard RTP and RTSP protocols.

II. DESCRIPTION

Exploitation of a flaw in Apple Computer Inc's Darwin Streaming Server
allows unauthenticated remote attackers to prevent legitimate usage.

The vulnerability specifically occurs upon parsing of DESCRIBE requests
with specially crafted User-Agent fields. Making a request with a
User-Agent field containing over 255 characters causes an assert error
in CommonUtilitiesLib/StringFormatter.h line 97:

virtual void BufferIsFull(char* /*inBuffer*/, UInt32/*inBufferLen*/)
 
     Assert(0);
 

Successful exploitation disrupts further content streaming
capabilities.

III. ANALYSIS

Any remote unauthenticated attacker can exploit the vulnerability
thereby preventing legitimate users from accessing streamed content.

iDEFENSE has obtained proof of concept exploit code for this
vulnerability.

IV. DETECTION

iDEFENSE has confirmed that the latest version of Darwin Streaming
Server, version 4.1.3, is vulnerable.

V. VENDOR RESPONSE

This is fixed in Security Update 2004-02-23 available for Mac OS X
10.3.2 Server and Mac OS X 10.2.8 Server.  The update and further
information is available from Apple's Support site at:
http://www.apple.com/support/

VI. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
CAN-2004-0169 to this issue. This is a candidate for inclusion in the
CVE list (http://cve.mitre.org), which standardizes names for security
problems.

VII. DISCLOSURE TIMELINE

December 8, 2003    Exploit acquired by iDEFENSE
January 29, 2004    iDEFENSE clients notified
January 29, 2004    Initial vendor notification
January 29, 2004    Vendor response received
February 23, 2004   Coordinated public disclosure


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC