


Category:   Application (Multimedia)  >   Apple QuickTime/Darwin Streaming Server
Vendors:   Apple
Darwin Streaming Server Web Admin Interface Lets Remote Users Deny Service
SecurityTracker Alert ID:  1014474
SecurityTracker URL:
CVE Reference:   CVE-2005-2195   (Links to External Site)
Updated:  Jun 15 2008
Original Entry Date:  Jul 13 2005
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.5
Description:   A vulnerability was reported in the Darwin Streaming Server. A remote user can cause denial of service conditions on the Web Admin interface.

A remote user can send specially crafted HTTP requests to the web interface to cause the Web Admin application to hang.

Only Windows 2000/2003 server platforms are affected.

The vendor credits Sowhat of ITS Security Team with reporting this vulnerability.

Impact:   A remote user can cause the Web Admin interface to hang.
Solution:   Apple has issued a fixed version (5.5.1), available at:

Vendor URL: (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (2000), Windows (2003)

Message History:   None.

 Source Message Contents

Subject:  APPLE-SA-2005-07-12 Darwin Streaming Server 5.5.1


APPLE-SA-2005-07-12 Darwin Streaming Server 5.5.1

The open source Darwin Streaming Server project has been updated to
provide the following security enhancement:

Darwin Streaming Server 5.5.1
Available for:  Microsoft Windows 2000/2003 Server
CVE-ID:  CAN-2005-2195
Impact:  Remote attackers can hang the Web Admin application in
Darwin Streaming Server for Windows 2000/2003 Server
Description:  Darwin Streaming Server is distributed with a web-based
admin application that allows it to be configured through a web
browser.  Version 5.5 of the Windows 2000/2003 Server distribution of
this package is vulnerable to a denial of service attack when
handling certain web requests.  Version 5.5.1 addresses the problem
by adding extra checks before opening files.   Other distributions of
this package, including Mac OS X and Linux, are not vulnerable to the
attack.  Credit to Sowhat of ITS Security Team for reporting this

Information on Darwin Streaming Server is available at:

This message is signed with Apple's Product Security PGP key,
and details are available at:


