APPLE Darwin Streaming Server Web Admin Remote Denial of Serivce Jul 13 2005 09:21AM
Sowhat . (smaillist gmail com)
APPLE Darwin Streaming Server Web Admin Remote Denial of Serivce

By Sowhat

Apple Inc.

Product Affected
Darwin Streaming Server 5.5 and below (for Win32)

CVE-ID: CAN-2005-2195


Darwin Streaming Server is server technology allowing for the streaming
of QuickTime data to clients across the Internet using the industry
standard RTP and RTSP protocols.


Darwin Streaming Server is distributed with a web-based
admin application that allows it to be configured through a web
browser. Version 5.5 and below of the Windows 2000/2003 Server distribution
of this package is vulnerable to a denial of service.

Exploitation of this flaw allows unauthenticated remote attackers to prevent
legitimate usage.

The vulnerability specifically occurs upon the attacker Requesting
a MS-DOS device name (e.g. AUX) over HTTP (port 1220) with a .cgi extention.

please note that this is not the CAN-2003-0421 And CAN-2003-0502 reported
bye Rapid7 in 2003,

CAN-2003-0421 GET /AUX HTTP/1.0
CAN-2003-0502 GET /../AUX HTTP/1.0
This time , GET /AUX.cgi HTTP/1.0

Vendor Response:

Vendor notified on 2005.06.27 via email to product-security (at) apple (dot) com [email concealed]
Vendor responsed on 2005.06.28 AND published the patched version 5.5.1
on 2005.07.12

Please update to Darwin Streaming Server 5.5.1

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus