APPLE Darwin Streaming Server Web Admin Remote Denial of Serivce

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: APPLE Darwin Streaming Server Web Admin Remote Denial of Serivce
From: "Sowhat ." <smaillist@xxxxxxxxx>
Date: Wed, 13 Jul 2005 17:21:22 +0800
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=NtzAjgUygiP5g6R3zfOVOJxIUVsPITj0dahhmzPWKhNIPkonndqj+FfNdX8VWRzC0mfJMHKdG4VxtAgtnyq8lsvwomPjqsZ1WvKm1tB3W6Fc7FWXAn2j+Jcp+HP1dMoHCGxuDeNm2S5O4uIvLVClY+i0TejR1lMddlP+lt7ol6s=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: "Sowhat ." <smaillist@xxxxxxxxx>

APPLE Darwin Streaming Server Web Admin Remote Denial of Serivce

By Sowhat
2005.07.13
http://secway.org/Advisory/AD20050713.txt

Vendor
Apple Inc.

Product Affected
Darwin Streaming Server 5.5 and below (for Win32)

CVE-ID:  CAN-2005-2195


OverView:

Darwin Streaming Server is server technology allowing for the streaming
of QuickTime data to clients across the Internet using the industry
standard RTP and RTSP protocols.


Details:

Darwin Streaming Server is distributed with a web-based
admin application that allows it to be configured through a web
browser.  Version 5.5 and below of the Windows 2000/2003 Server distribution 
of this package is vulnerable to a denial of service.

Exploitation of this flaw allows unauthenticated remote attackers to prevent 
legitimate usage.


The vulnerability specifically occurs upon the attacker Requesting
 a MS-DOS device name (e.g. AUX) over HTTP (port 1220) with a .cgi extention.

please note that this is not the CAN-2003-0421 And CAN-2003-0502 reported
bye Rapid7 in 2003,
http://www.rapid7.com/advisories/R7-0015.html

CAN-2003-0421   GET /AUX HTTP/1.0
CAN-2003-0502   GET /../AUX HTTP/1.0
This time ,     GET /AUX.cgi HTTP/1.0 


Vendor Response:

Vendor notified on 2005.06.27 via email to product-security@xxxxxxxxx 
Vendor responsed on 2005.06.28 AND published the patched version 5.5.1
 on 2005.07.12

Please update to Darwin Streaming Server 5.5.1
http://developer.apple.com/darwin/projects/streaming/

Prev by Date: [SECURITY] [DSA 755-1] New tiff packages fix arbitrary code execution
Next by Date: [SECURITY] [DSA 754-1] New centericq packages fix insecure temporary file creation
Previous by thread: [SECURITY] [DSA 755-1] New tiff packages fix arbitrary code execution
Next by thread: [SECURITY] [DSA 754-1] New centericq packages fix insecure temporary file creation
Index(es):
- Date
- Thread