Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2003-2022 Tenable Network Security, Inc.QUICKTIME_ADMIN.NASL
HistoryFeb 28, 2003 - 12:00 a.m.

Apple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities

2003-02-2800:00:00
This script is Copyright (C) 2003-2022 Tenable Network Security, Inc.
www.tenable.com
38

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.659 Medium

EPSS

Percentile

97.9%

JSON

The remote host is running Apple QuickTime Streaming Server.

There are multiple flaws in this version :

  • Remote code execution vulnerability (by default with root privileges)
  • 2 Cross-Site Scripting vulnerabilities
  • Path Disclosure vulnerability
  • Arbitrary Directory listing vulnerability
  • Buffer overflow in MP3 broadcasting module
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

# Original plugin was written by Michael Scheidell
#
# http://web.archive.org/web/20050406013934/http://www.atstake.com/research/advisories/2003/a022403-1.txt

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(11278);
  script_version("1.38");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2003-0050",
    "CVE-2003-0051",
    "CVE-2003-0052",
    "CVE-2003-0053",
    "CVE-2003-0054",
    "CVE-2003-0055",
    "CVE-2003-1414"
  );
  script_bugtraq_id(
    6954,
    6955,
    6956,
    6957,
    6958,
    6960,
    6990
  );

  script_name(english:"Apple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote server is vulnerable to several flaws.");
  script_set_attribute(attribute:"description", value:
"The remote host is running Apple QuickTime Streaming Server.

There are multiple flaws in this version :

* Remote code execution vulnerability (by default with root privileges)
* 2 Cross-Site Scripting vulnerabilities
* Path Disclosure vulnerability
* Arbitrary Directory listing vulnerability 
* Buffer overflow in MP3 broadcasting module");
  script_set_attribute(attribute:"see_also", value:"http://www.atstake.com/research/advisories/2003/a022403-1.txt");
  script_set_attribute(attribute:"solution", value:
"Install patches from Apple or disable access to this service.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"metasploit_name", value:'QuickTime Streaming Server parse_xml.cgi Remote Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(22);

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/02/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/02/28");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_ATTACK);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2003-2022 Tenable Network Security, Inc.");

  script_dependencies("find_service1.nasl", "http_version.nasl", "no404.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 1220);

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


if ( thorough_tests )
{
 extra_list = make_list ("/AdminHTML");
}
else
  extra_list = NULL;

http_check_remote_code (
			default_port:1220,
			extra_dirs: extra_list,
			check_request:"/parse_xml.cgi?action=login&filename=frameset.html|id%00|",
			check_result:"uid=[0-9]+.*gid=[0-9]+.*",
			command:"id",
			xss: 1
			);
VendorProductVersionCPE
applequicktimecpe:/a:apple:quicktime

Related

securityvulns 1
openvas 1
cert 1
cvelist 7
cve 7
nvd 7
checkpoint_advisories 1
packetstorm 1
securityvulns
securityvulns
QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
2003-02-26 00:00:00
openvas
openvas
Quicktime/Darwin 4.1.x Streaming Administration Server 'parse_xml.cgi' Multiple Vulnerabilities
2005-11-03 00:00:00
cert
cert
Sendmail vulnerable to buffer overflow when DNS map is specified using TXT records
2002-06-28 00:00:00
cvelist
cvelist
CVE-2003-0054
2004-09-01 04:00:00
CVE-2003-0052
2004-09-01 04:00:00
CVE-2003-1414
2007-10-20 10:00:00
cve
cve
CVE-2003-0055
2004-09-01 04:00:00
CVE-2003-1414
2007-10-20 10:00:00
CVE-2003-0051
2004-09-01 04:00:00
nvd
nvd
CVE-2003-1414
2003-12-31 05:00:00
CVE-2003-0054
2003-03-07 05:00:00
CVE-2003-0053
2003-03-07 05:00:00
checkpoint_advisories
checkpoint_advisories
Apple Darwin Streaming Server Remote Code Execution (CVE-2003-0050)
2021-04-27 00:00:00
packetstorm
packetstorm
QuickTime Streaming Server parse_xml.cgi Remote Execution
2009-12-31 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.659 Medium

EPSS

Percentile

97.9%

JSON
Related for QUICKTIME_ADMIN.NASL
securityvulns1openvas1cert1cvelist7cve7nvd7checkpoint_advisories1packetstorm1