[39605] in bugtraq
APPLE Darwin Streaming Server Web Admin Remote Denial of Serivce
daemon@ATHENA.MIT.EDU (Sowhat .)
Wed Jul 13 12:00:38 2005
Message-ID: <d65cd4390507130221a5bc4db@mail.gmail.com>
Date: Wed, 13 Jul 2005 17:21:22 +0800
From: "Sowhat ." <smaillist@gmail.com>
Reply-To: "Sowhat ." <smaillist@gmail.com>
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
APPLE Darwin Streaming Server Web Admin Remote Denial of Serivce
By Sowhat
2005.07.13
http://secway.org/Advisory/AD20050713.txt
Vendor
Apple Inc.
Product Affected
Darwin Streaming Server 5.5 and below (for Win32)
CVE-ID: CAN-2005-2195
OverView:
Darwin Streaming Server is server technology allowing for the streaming
of QuickTime data to clients across the Internet using the industry
standard RTP and RTSP protocols.
Details:
Darwin Streaming Server is distributed with a web-based
admin application that allows it to be configured through a web
browser. Version 5.5 and below of the Windows 2000/2003 Server distribution
of this package is vulnerable to a denial of service.
Exploitation of this flaw allows unauthenticated remote attackers to prevent
legitimate usage.
The vulnerability specifically occurs upon the attacker Requesting
a MS-DOS device name (e.g. AUX) over HTTP (port 1220) with a .cgi extention.
please note that this is not the CAN-2003-0421 And CAN-2003-0502 reported
bye Rapid7 in 2003,
http://www.rapid7.com/advisories/R7-0015.html
CAN-2003-0421 GET /AUX HTTP/1.0
CAN-2003-0502 GET /../AUX HTTP/1.0
This time , GET /AUX.cgi HTTP/1.0
Vendor Response:
Vendor notified on 2005.06.27 via email to product-security@apple.com
Vendor responsed on 2005.06.28 AND published the patched version 5.5.1
on 2005.07.12
Please update to Darwin Streaming Server 5.5.1
http://developer.apple.com/darwin/projects/streaming/
