Apple QuickTime Streaming Server User-Agent Overflow DoS

2004-02-23T00:00:00
ID OSVDB:6837
Type osvdb
Reporter iDEFENSE (idlabs-advisories@idefense.com)
Modified 2004-02-23T00:00:00

Description

Vulnerability Description

A remote overflow exists in QuickTime Streaming Server. The server fails to validate the User-Agent field of DESCRIBE requests, so a specially crafted User-Agent value results in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service resulting in a loss of availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

References:

Secunia Advisory ID: 10956
Related OSVDB ID: 6826
Other Advisory URL: http://www.idefense.com/application/poi/display?id=75&type=vulnerabilities
ISS X-Force ID: 15291
Generic Exploit URL: http://packetstormsecurity.nl/0402-advisories/02.23.04.txt
CVE-2004-0169
CERT VU: 460350
Bugtraq ID: 9735