Detections
Analytics

Darwin Streaming Server < 5.5.5 Multiple RCE Vulnerabilities

critical Nessus Plugin ID 25214

Language:

Synopsis

The remote RTSP server is affected by multiple vulnerabilities.

Description

According to its banner, the version of Apple Darwin Streaming Server running on the remote host is prior to version 5.5.5. It is, therefore, affected by multiple vulnerabilities :

 - A heap buffer overflow condition exists in the Apple Darwin Streaming Proxy that allows an unauthenticated, remote attacker, via multiple trackID values in a SETUP RTSP request, to cause application termination or the execution arbitrary code.
 (CVE-2007-0748)

 - Multiple stack-based buffer overflow conditions exist in the is_command() function within file proxy.c due to improper bounds checking. An unauthenticated, remote attacker can exploit these, via a long command or server value in an RTSP request, to cause application termination or the execution arbitrary code.
 (CVE-2007-0749)

Solution

Upgrade to Apple Darwin Streaming Server version 5.5.5 or later.

See Also

http://www.nessus.org/u?0e403e3e

https://www.securityfocus.com/archive/1/468303

https://macosforge.github.io/dss/

Plugin Details

Severity: Critical

ID: 25214

File Name: darwin_streaming_server_555.nasl

Version: 1.20

Type: remote

Published: 5/14/2007

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:apple:darwin_streaming_server

Exploit Ease: No known exploits are available

Patch Publication Date: 5/10/2007

Vulnerability Publication Date: 5/10/2007

Reference Information

CVE: CVE-2007-0748, CVE-2007-0749

BID: 23918

APPLE-SA: APPLE-SA-2007-05-10