SecurityTracker.com
SecurityTracker
Archives
Category: Application (Multimedia) > Apple iTunes
Vendors: Apple
iTunes DAAP Protocol Handling Bug Lets Remote Users Deny Service
SecurityTracker Alert ID: 1021842
SecurityTracker URL: http://securitytracker.com/id/1021842
CVE Reference: CVE-2009-0016
Date: Mar 12 2009
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 8.1
Description:   A vulnerability was reported in Apple iTunes for Windows. A remote user can cause the target iTunes application to stop responding (denial of service).

A remote user can send a Digital Audio Access Protocol (DAAP) message whose header carries a specially crafted Content-Length value. iTunes does not adequately validate this value, and processing the message drives the DAAP handler into an infinite loop. The vendor fix adds validation of DAAP messages; the advisory does not publish the specific value that triggers the loop.

Mac OS X systems are not affected.

Xiaopeng Zhang, Zhenhua Liu, and Junfeng Jia of Fortinet's FortiGuard Global Security Research Team reported this vulnerability.

Impact:   A remote user can cause the target iTunes application to enter an infinite loop.
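The following is an added illustration written for this page, not Apple's iTunes code. DAAP messages are HTTP-shaped, so the bug class described above is a reader that trusts the Content-Length header and spins forever waiting for bytes that will never arrive. Because the advisory does not publish the exact trigger, the example models the general failure mode: a trusting read loop (with an iteration cap so the demonstration terminates) beside a hardened parser that accepts only a plain decimal within an assumed policy limit and treats an early EOF as an error. All sample messages, the MAX_BODY limit and the function names are constructed for the example.

```python
"""Added example (not Apple's code): Content-Length validation for a
DAAP-style message. Sample messages and limits below are constructed."""
import io

MAX_BODY = 1 << 20      # assumed policy limit on one DAAP body (1 MiB)
CHUNK = 4096            # bytes requested per read() call


class DaapMessageError(ValueError):
    """Raised when a message fails header validation or is truncated."""


def split_message(raw: bytes):
    """Split an HTTP-style message into (request_line, headers, body).
    Header names are lower-cased str; values stay as stripped bytes."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise DaapMessageError("missing end-of-headers CRLFCRLF")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise DaapMessageError(f"malformed header line {line!r}")
        headers[name.strip().lower().decode("ascii", "replace")] = value.strip()
    return lines[0].decode("ascii", "replace"), headers, body


# --- trusting path: the shape of the bug ------------------------------------

def naive_content_length(headers):
    """Whatever int() accepts is used as-is: negative, huge, anything."""
    return int(headers.get("content-length", b"0"))


def read_body_naive(stream, length, max_iters=1000):
    """Loop until `length` bytes arrive, treating a short read as 'try again'.
    At EOF read() returns b'' forever, so a Content-Length larger than the
    data that will ever arrive never lets the loop exit. max_iters exists
    only so this demo terminates; returns (data, stalled)."""
    buf, iters = b"", 0
    while len(buf) < length:
        if iters >= max_iters:
            return buf, True          # the cap, not the condition, ended it
        buf += stream.read(min(CHUNK, length - len(buf)))
        iters += 1
    return buf, False


# --- hardened path: validate, then read with a progress check ---------------

def parse_content_length(headers):
    """Accept only an ASCII decimal within policy; reject everything else."""
    raw = headers.get("content-length")
    if raw is None:
        return 0
    # bytes.isdigit() is ASCII-only and False for b"", so signs, spaces,
    # hex prefixes and "5abc" are refused before int() ever runs.
    if not raw.isdigit():
        raise DaapMessageError(f"Content-Length is not a decimal integer: {raw!r}")
    length = int(raw)
    if length > MAX_BODY:
        raise DaapMessageError(f"Content-Length {length} exceeds limit {MAX_BODY}")
    return length


def read_body_checked(stream, length):
    """Read exactly `length` bytes; an empty read means the peer closed early."""
    buf = bytearray()
    while len(buf) < length:
        chunk = stream.read(min(CHUNK, length - len(buf)))
        if not chunk:
            raise DaapMessageError(f"closed after {len(buf)} of {length} body bytes")
        buf += chunk
    return bytes(buf)


def handle_message(raw: bytes):
    """Hardened handler: returns (request_line, body) or raises DaapMessageError."""
    request_line, headers, body = split_message(raw)
    return request_line, read_body_checked(io.BytesIO(body), parse_content_length(headers))


def naive_stalls(raw: bytes, max_iters=100):
    """True if the trusting reader hits its iteration cap on this message."""
    _, headers, body = split_message(raw)
    return read_body_naive(io.BytesIO(body), naive_content_length(headers), max_iters)[1]


def hardened_rejects(raw: bytes):
    """True if the hardened handler refuses the message."""
    try:
        handle_message(raw)
    except DaapMessageError:
        return True
    return False


# Constructed samples; the Host header only mimics DAAP's default port 3689.
HEAD = b"GET /server-info HTTP/1.1\r\nHost: 127.0.0.1:3689\r\n"
GOOD = HEAD + b"Content-Length: 5\r\n\r\nhello"
SHORT = HEAD + b"Content-Length: 10\r\n\r\nhello"          # promises more than sent
HUGE = HEAD + b"Content-Length: 4294967295\r\n\r\nhello"   # far beyond policy
NEGATIVE = HEAD + b"Content-Length: -1\r\n\r\nhello"
JUNK = HEAD + b"Content-Length: 5abc\r\n\r\nhello"

if __name__ == "__main__":
    print(handle_message(GOOD))
    for name, msg in (("SHORT", SHORT), ("HUGE", HUGE)):
        print(name, "naive reader stalled:", naive_stalls(msg))
    for name, msg in (("SHORT", SHORT), ("HUGE", HUGE), ("NEGATIVE", NEGATIVE), ("JUNK", JUNK)):
        print(name, "hardened rejects:", hardened_rejects(msg))
```

Two points the example makes that the summary does not: the hang needs no malformed syntax at all (SHORT is a well-formed message that simply promises more bytes than it sends), and the fix has two halves, rejecting the header value up front and treating a zero-length read inside the loop as termination rather than as a reason to retry.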
Solution:   The vendor has issued a fixed version (8.1), available at:

http://www.apple.com/itunes/download/

For Windows XP / Vista:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 562bcc78760c4055f84d53730089a62dfa9c3fcf

For Windows XP / Vista 64 Bit:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: fb07309a0196b424ed434be1143f9e8bcd978d62

The vendor's advisory is available at:

http://support.apple.com/kb/HT3487

Vendor URL:  http://support.apple.com/kb/HT3487
Cause:   Input validation error
Underlying OS:  Windows (Vista), Windows (XP)

Message History:   None.


Source Message Contents

Subject:  APPLE-SA-2009-03-11 iTunes 8.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2009-03-11 iTunes 8.1

iTunes 8.1 is now available and addresses the following:

iTunes
CVE-ID:  CVE-2009-0016
Available for:  Windows XP or Vista
Impact:  Sending a maliciously crafted DAAP message may lead to a
denial of service
Description:  An infinite loop exists in the handling of iTunes
Digital Audio Access Protocol (DAAP) messages. Sending a message
containing a maliciously crafted Content-Length parameter in the DAAP
header may lead to a denial of service. This update addresses the
issue by performing additional validation of DAAP messages. This
issue does not affect Mac OS X systems. Credit to Xiaopeng Zhang,
Zhenhua Liu, and Junfeng Jia of Fortinet's FortiGuard Global Security
Research Team for reporting this issue.

iTunes
CVE-ID:  CVE-2009-0143
Available for:  Mac OS X v10.4.10 or later,
Mac OS X Server v10.4.10 or later, Windows XP or Vista
Impact:  Subscribing to a malicious podcast may lead to the
disclosure of iTunes username and password
Description:  A design issue exists in the iTunes podcast feature. A
subscription to a malicious podcast may cause an authentication
dialog to be presented to the user. This dialog may entice the user
to send iTunes credentials to the podcast server. This update
addresses the issue by clarifying the origin of the authentication
request in the dialog. Credit to Simon Bellwood for reporting this
issue.

iTunes 8.1 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named: "iTunes8.1.dmg"
Its SHA-1 digest is: 6c9ee64741158c9f45417b965b38b01ea3b51af1

For Windows XP / Vista:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 562bcc78760c4055f84d53730089a62dfa9c3fcf

For Windows XP / Vista 64 Bit:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: fb07309a0196b424ed434be1143f9e8bcd978d62

Information will also be posted to the Apple Security Updates
web site:  http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJJuFCFAAoJEHkodeiKZIkBkIgIAMbwqybKAWvT3jzL4nfuvYye
QmH3rVy6UEhvSBlWZa/mNgiqP0Z3N3Q06lRF+q1fYZBPhUwunKQhZmti78gOPe/z
MkO/BdREnd8NGZmtvQvwkgj7se2dP7M6VfheBwCzTWaLQHsW7Bf6Nc8ZRCcA/I33
Zo0hETDS+lNWMBT92ud8CoF0FgpU47+k74j+fICzpkN94TRiAJAnLDRqIBgdZHjG
1itWj7M0kIoduyc4IiRoay5XimGoU/y3/OOFchSpBieprvzq5haCzbLLLdr3D6Wg
q2qD9wYjUSZsC9iWIGBd+Lf5eO4J9ks6ylOcXL4gtpnJz3JJP5DkKcUe4WyjEtQ=
=DiFE
-----END PGP SIGNATURE-----
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
Copyright 2021, SecurityGlobal.net LLC