header-logo
Suggest Exploit
vendor:
QuickTime/Darwin Streaming Server
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: QuickTime/Darwin Streaming Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Apple QuickTime/Darwin Streaming Server ANNOUNCE Command Buffer Overflow Vulnerability

A vulnerability has been reported for Apple QuickTime/Darwin Streaming Server. The problem is said to occur within the QTSSReflector module while processing the ANNOUNCE command. Specifically, by specifying an extremely large value as an argument within an ANNOUNCE request, it is possible to trigger an unexpected calculation causing the server to crash. Although it has not been confirmed, it is speculated that this issue may be exploitable to corrupt memory.

Mitigation:

Upgrade to the latest version of Apple QuickTime/Darwin Streaming Server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7659/info

A vulnerability has been reported for Apple QuickTime/Darwin Streaming Server. The problem is said to occur within the QTSSReflector module while processing the ANNOUNCE command. Specifically, by specifying an extremely large value as an argument within an ANNOUNCE request, it is possible to trigger an unexpected calculation causing the server to crash.

Although it has not been confirmed, it is speculated that this issue may be exploitable to corrupt memory. 

$ perl -e 'print "ANNOUNCE /.sdp RTSP/1.0\nContent-length:4294967295\n\n","A"x8192' | nc -v localhost 554

Navigation

Suggest Exploit

Services By CQR