Vulnerability Note VU#460350

Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests

Original Release date: 25 Feb 2004 | Last revised: 15 Mar 2004

Overview

Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests containing overly large User-Agent fields. This could allow an unauthenticated, remote attacker to cause a denial-of-service condition.

Description

Apple's QuickTime and Darwin Streaming Server is software which provides integrated distribution of various forms of digital content. Such content can be delivered over a network using Real-Time Transport Protocol (RTP) and Real-Time Streaming Protocol (RTSP).

The RTSP provides a DESCRIBE method which according to RFC 2326 "retrieves the description of a presentation or media object identified by the request URL from a server. It may use the Accept header to specify the description formats that the client understands. The server responds with a description of the requested resource. The DESCRIBE reply-response pair constitutes the media initialization phase of RTSP."

There is a vulnerability in the way the Quicktime/Darwin Streaming Server parses DESCRIBE requests containing specially crafted User-Agent fields. An attacker could exploit this vulnerability by sending a DESCRIBE request containing an overly large User-Agent field.

Impact

An unauthenticated, remote attacker could prevent legitimate users from accessing the streamed content.

Solution

Apply Patch
Apple has released a patch to address this vulnerability. For further details, please see the Apple Security Advisory (Security Update 2004-02-23).

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer Inc.Affected-25 Feb 2004
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was reported by iDefense.

This document was written by Damon Morda.

Other Information

  • CVE IDs: CAN-2004-0169
  • Date Public: 24 Feb 2004
  • Date First Published: 25 Feb 2004
  • Date Last Updated: 15 Mar 2004
  • Severity Metric: 1.68
  • Document Revision: 12

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.