Info

Disclosure

Feb 23, 2004

Discovery

Dec 08, 2003

Dates

Exploit

Feb 23, 2004

Solution

Unknown

Description

A remote overflow exists in Quicktime Streaming Server. The server fails to validate DESCRIBE requests in specially crafted User-Agent fields resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service resulting in a loss of availability.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Products

Apple Computer, Inc.

QuickTime Streaming Server

4.1.3

References

Secunia Advisory ID: 10956
ISS X-Force ID: 15291
CVE ID: 2004-0169 (see also: NVD)
CERT VU: 460350
Related OSVDB ID: 6826
Bugtraq ID: 9735
Generic Exploit URL: http://packetstormsecurity.nl/0402-advisories/02.23.04.txt
Other Advisory URL: http://www.idefense.com/application/poi/display?id=75&type=vulnerabilities

Credit

iDefense - iDefense

Direct URL: http://osvdb.org/6837