QuickTime/Darwin Streaming Server DESCRIBE Request Denial of Service
SECUNIA ADVISORY ID:
SA10956
VERIFY ADVISORY:
http://secunia.com/advisories/10956/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
Darwin Streaming Server 4.x
QuickTime Streaming Server 4.x
DESCRIPTION:
iDEFENSE has reported a vulnerability in QuickTime/Darwin Streaming Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused by an assert error when parsing certain DESCRIBE requests. This can be exploited to disrupt functionality by sending a DESCRIBE request with a specially crafted "User-Agent" field containing more than 255 characters.
The vulnerability has been reported in version 4.1.3. Other versions may also be affected.
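Added example (not part of the Secunia advisory or of the vendor's code): a Python check that a log-analysis script or filtering proxy could apply to captured RTSP requests to flag DESCRIBE requests whose User-Agent exceeds the 255-character limit described above, including values split across folded header lines. The sample requests, the host name and all function names are constructed for illustration.

```python
import re

MAX_UA_LEN = 255  # limit stated in the advisory


def user_agent_lengths(raw: bytes):
    """Return (method, [User-Agent value lengths]) for one RTSP request, or None."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0].decode("latin-1")
    lines = re.split(r"\r?\n", head)
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("RTSP/"):
        return None  # not an RTSP request line
    unfolded = []
    for line in lines[1:]:
        # A line starting with whitespace continues the previous header.
        if line[:1] in (" ", "\t") and unfolded:
            unfolded[-1] += " " + line.strip()
        else:
            unfolded.append(line)
    lengths = []
    for line in unfolded:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "user-agent":
            lengths.append(len(value.strip()))
    return parts[0].upper(), lengths


def is_oversized_describe(raw: bytes) -> bool:
    """True for a DESCRIBE request carrying a User-Agent longer than MAX_UA_LEN."""
    parsed = user_agent_lengths(raw)
    if parsed is None:
        return False
    method, lengths = parsed
    return method == "DESCRIBE" and any(n > MAX_UA_LEN for n in lengths)


def _req(method: str, ua: str) -> bytes:
    """Build a constructed sample request (hypothetical host and path)."""
    return (f"{method} rtsp://media.example.com/sample.mov RTSP/1.0\r\n"
            f"CSeq: 1\r\nUser-Agent: {ua}\r\n\r\n").encode("latin-1")


# Constructed samples, not captured traffic.
SAMPLES = {
    "normal": _req("DESCRIBE", "ExamplePlayer/1.0"),
    "boundary": _req("DESCRIBE", "A" * 255),
    "oversized": _req("DESCRIBE", "A" * 256),
    "folded": _req("DESCRIBE", "A" * 200 + "\r\n " + "A" * 100),
    "options": _req("OPTIONS", "A" * 300),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, is_oversized_describe(raw))
```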
SOLUTION:
Apply Security Update 2004-02-23 for Mac OS X Server.
- Mac OS X 10.3.2 Server:
http://www.info.apple.com/kbnum/n120324
- Mac OS X 10.2.8 Server:
http://www.info.apple.com/kbnum/n120322
NOTE: Security Update 2004-02-23 also fixes other vulnerabilities:
SA10959 - Updates for Darwin Streaming Server:
http://developer.apple.com/darwin/projects/streaming/
PROVIDED AND/OR DISCOVERED BY:
iDEFENSE
ORIGINAL ADVISORY:
http://www.idefense.com/application/poi/display?id=75&type=vulnerabilities
OTHER REFERENCES:
SA10959:
http://secunia.com/advisories/10959/

