[SA10956] Quicktime/Darwin Streaming Server DESCRIBE Request Denial of Service

TITLE:
Quicktime/Darwin Streaming Server DESCRIBE Request Denial of Service

SECUNIA ADVISORY ID:
SA10956

VERIFY ADVISORY:
http://secunia.com/advisories/10956/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
Darwin Streaming Server 4.x
Quicktime Streaming Server 4.x

DESCRIPTION:
iDEFENSE has reported a vulnerability in QuickTime/Darwin Streaming Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by an assertion failure when parsing certain DESCRIBE requests. It can be exploited to disrupt functionality by sending such a request with specially crafted "User-Agent" fields containing more than 255 characters.

The vulnerability has been reported in version 4.1.3. Other versions may also be affected.

SOLUTION:
Apply Security Update 2004-02-23 for Mac OS X Server.
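
A detection check for the request described above, as an added example that is not part of the Secunia advisory: it parses captured RTSP request text and flags DESCRIBE requests whose "User-Agent" value exceeds 255 characters. The function names, the host name and the sample requests are constructed for illustration.

```python
"""Flag RTSP DESCRIBE requests carrying an oversized User-Agent header."""

UA_LIMIT = 255  # length threshold stated in the advisory


def parse_rtsp_request(raw):
    """Return (method, headers) for one RTSP request, or None if malformed."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("RTSP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a "Name: value" line
        # Header names are case-insensitive. If a header repeats, keep the
        # longest value so a short decoy copy cannot hide a long one.
        key, value = name.strip().lower(), value.strip()
        if len(value) > len(headers.get(key, "")):
            headers[key] = value
    return parts[0], headers


def is_suspicious(raw):
    """True for a DESCRIBE whose User-Agent is longer than UA_LIMIT."""
    parsed = parse_rtsp_request(raw)
    if parsed is None:
        return False
    method, headers = parsed
    return method == "DESCRIBE" and len(headers.get("user-agent", "")) > UA_LIMIT


def _sample(method, user_agent):
    """Build a constructed request string for the self-check below."""
    return (f"{method} rtsp://media.example/sample.mov RTSP/1.0\r\n"
            f"CSeq: 1\r\nUser-Agent: {user_agent}\r\n\r\n")


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": _sample("DESCRIBE", "ExamplePlayer/1.0"),
    "boundary": _sample("DESCRIBE", "x" * 255),
    "oversized": _sample("DESCRIBE", "x" * 256),
    "other_method": _sample("OPTIONS", "x" * 300),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: suspicious={is_suspicious(raw)}")
```
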

PROVIDED AND/OR DISCOVERED BY:
iDEFENSE

ORIGINAL ADVISORY:
http://www.idefense.com/application/poi/display?id=75&type=vulnerabilities

OTHER REFERENCES:
SA10959:
http://secunia.com/advisories/10959/

For further details and links, see the Secunia advisory: http://secunia.com/advisories/10956/
