Darwin Streaming Server Web Admin Interface Lets Remote Users Deny Service

SecurityTracker Alert ID: 1014474
SecurityTracker URL: http://securitytracker.com/id/1014474
CVE Reference: CVE-2005-2195
Updated: Jun 15 2008
Original Entry Date: Jul 13 2005
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5.5

Description:
A vulnerability was reported in the Darwin Streaming Server. A remote user can cause denial of service conditions on the Web Admin interface.
A remote user can send specially crafted HTTP requests to the web interface to cause the Web Admin application to hang.
Only Windows 2000/2003 server platforms are affected.
The vendor credits Sowhat of ITS Security Team with reporting this vulnerability.

Impact:
A remote user can cause the Web Admin interface to hang.

Solution:
Apple has issued a fixed version (5.5.1), available at:
http://developer.apple.com/darwin/projects/streaming/

Vendor URL: developer.apple.com/darwin/projects/streaming/

Cause: Exception handling error

Underlying OS: Windows (2000), Windows (2003)

Message History: None.

Source Message Contents

Subject: APPLE-SA-2005-07-12 Darwin Streaming Server 5.5.1

APPLE-SA-2005-07-12 Darwin Streaming Server 5.5.1

The open source Darwin Streaming Server project has been updated to
provide the following security enhancement:

Darwin Streaming Server 5.5.1
Available for: Microsoft Windows 2000/2003 Server
CVE-ID: CAN-2005-2195
Impact: Remote attackers can hang the Web Admin application in
Darwin Streaming Server for Windows 2000/2003 Server
Description: Darwin Streaming Server is distributed with a web-based
admin application that allows it to be configured through a web
browser. Version 5.5 of the Windows 2000/2003 Server distribution of
this package is vulnerable to a denial of service attack when
handling certain web requests. Version 5.5.1 addresses the problem
by adding extra checks before opening files. Other distributions of
this package, including Mac OS X and Linux, are not vulnerable to the
attack. Credit to Sowhat of ITS Security Team for reporting this
issue.

Information on Darwin Streaming Server is available at:
http://developer.apple.com/darwin/projects/streaming/

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

Security-announce mailing list (Security-announce@lists.apple.com)