cvelistv5 - cve-2007-0749

CVE-2007-0749 (GCVE-0-2007-0749)

Vulnerability from cvelistv5

Published

2007-05-13 22:00

Modified

2024-08-07 12:26

Severity ?

CWE

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=305495	Patch
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533	Patch
cve@mitre.org	http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html	Patch
cve@mitre.org	http://osvdb.org/35976
cve@mitre.org	http://secunia.com/advisories/25193	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/23918	Patch
cve@mitre.org	http://www.securitytracker.com/id?1018047
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1770
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34222
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=305495	Patch
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/35976
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25193	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23918	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018047
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1770
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34222

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:26:54.488Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-1770",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1770"
          },
          {
            "name": "APPLE-SA-2007-05-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html"
          },
          {
            "name": "23918",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23918"
          },
          {
            "name": "20070510 Apple Darwin Streaming Proxy Multiple Vulnerabilities",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=305495"
          },
          {
            "name": "35976",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35976"
          },
          {
            "name": "darwin-iscommand-bo(34222)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34222"
          },
          {
            "name": "1018047",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018047"
          },
          {
            "name": "25193",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25193"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-1770",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1770"
        },
        {
          "name": "APPLE-SA-2007-05-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html"
        },
        {
          "name": "23918",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23918"
        },
        {
          "name": "20070510 Apple Darwin Streaming Proxy Multiple Vulnerabilities",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=305495"
        },
        {
          "name": "35976",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35976"
        },
        {
          "name": "darwin-iscommand-bo(34222)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34222"
        },
        {
          "name": "1018047",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018047"
        },
        {
          "name": "25193",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25193"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0749",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-1770",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1770"
            },
            {
              "name": "APPLE-SA-2007-05-10",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html"
            },
            {
              "name": "23918",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23918"
            },
            {
              "name": "20070510 Apple Darwin Streaming Proxy Multiple Vulnerabilities",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=305495",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=305495"
            },
            {
              "name": "35976",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35976"
            },
            {
              "name": "darwin-iscommand-bo(34222)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34222"
            },
            {
              "name": "1018047",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018047"
            },
            {
              "name": "25193",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25193"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0749",
    "datePublished": "2007-05-13T22:00:00",
    "dateReserved": "2007-02-05T00:00:00",
    "dateUpdated": "2024-08-07T12:26:54.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0749\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-05-13T22:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer basado en pila en la funci\u00f3n is_command en proxy.c en Apple Darwin Streaming Proxy, cuando se utiliza en Darwin Streaming Server anterior a 5.5.5, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un valor (1)cmd largo o (2)server en una respuesta RTSP.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F40D1E1-10B3-4A7C-A945-A8D74F3DCB35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:darwin_streaming_server:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC88BC5-0CA9-4B24-ACBD-14A4762A8252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:darwin_streaming_server:5.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6693434C-2244-47F9-94A7-F5D6CE50C245\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38F17066-C090-4DD7-A1AC-D8FF70D268CE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E997653-C744-4F1F-9948-47579AB3BED3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF5A416A-F198-4B9C-8221-D36CC8A7FE5C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"384C130F-D1A9-4482-AF20-FC81933473A3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74BCDEA0-2F69-4411-98C5-29C3C0533BDE\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=305495\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://osvdb.org/35976\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25193\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/23918\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1018047\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1770\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34222\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=305495\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://osvdb.org/35976\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25193\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/23918\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1018047\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1770\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34222\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

fkie_cve-2007-0749

Vulnerability from fkie_nvd

Published

2007-05-13 22:19

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=305495	Patch
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533	Patch
cve@mitre.org	http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html	Patch
cve@mitre.org	http://osvdb.org/35976
cve@mitre.org	http://secunia.com/advisories/25193	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/23918	Patch
cve@mitre.org	http://www.securitytracker.com/id?1018047
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1770
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34222
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=305495	Patch
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/35976
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25193	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23918	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018047
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1770
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34222

Impacted products

Vendor	Product	Version
apple	darwin_streaming_server	4.1.2
apple	darwin_streaming_server	5.0.1
apple	darwin_streaming_server	5.5.4
apple	mac_os_x_server	10.2.8
apple	mac_os_x_server	10.3
apple	mac_os_x_server	10.3.1
apple	mac_os_x_server	10.3.2
apple	darwin_streaming_server	4.1.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F40D1E1-10B3-4A7C-A945-A8D74F3DCB35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:darwin_streaming_server:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC88BC5-0CA9-4B24-ACBD-14A4762A8252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:darwin_streaming_server:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6693434C-2244-47F9-94A7-F5D6CE50C245",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "38F17066-C090-4DD7-A1AC-D8FF70D268CE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E997653-C744-4F1F-9948-47579AB3BED3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF5A416A-F198-4B9C-8221-D36CC8A7FE5C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "384C130F-D1A9-4482-AF20-FC81933473A3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "74BCDEA0-2F69-4411-98C5-29C3C0533BDE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basado en pila en la funci\u00f3n is_command en proxy.c en Apple Darwin Streaming Proxy, cuando se utiliza en Darwin Streaming Server anterior a 5.5.5, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un valor (1)cmd largo o (2)server en una respuesta RTSP."
    }
  ],
  "id": "CVE-2007-0749",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-05-13T22:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://docs.info.apple.com/article.html?artnum=305495"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/35976"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25193"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/23918"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018047"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1770"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://docs.info.apple.com/article.html?artnum=305495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/23918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34222"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-39jq-32qw-h3r2

Vulnerability from github

Published

2022-05-01 17:46

Modified

2022-05-01 17:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0749"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-05-13T22:19:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.",
  "id": "GHSA-39jq-32qw-h3r2",
  "modified": "2022-05-01T17:46:44Z",
  "published": "2022-05-01T17:46:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0749"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34222"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=305495"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/35976"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25193"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23918"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018047"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1770"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2007-0749

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-0749

Aliases

CVE-2007-0749

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0749",
    "description": "Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.",
    "id": "GSD-2007-0749"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0749"
      ],
      "details": "Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.",
      "id": "GSD-2007-0749",
      "modified": "2023-12-13T01:21:35.271036Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-0749",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-1770",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1770"
          },
          {
            "name": "APPLE-SA-2007-05-10",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html"
          },
          {
            "name": "23918",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23918"
          },
          {
            "name": "20070510 Apple Darwin Streaming Proxy Multiple Vulnerabilities",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=305495",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=305495"
          },
          {
            "name": "35976",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/35976"
          },
          {
            "name": "darwin-iscommand-bo(34222)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34222"
          },
          {
            "name": "1018047",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018047"
          },
          {
            "name": "25193",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25193"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:darwin_streaming_server:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:darwin_streaming_server:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0749"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070510 Apple Darwin Streaming Proxy Multiple Vulnerabilities",
              "refsource": "IDEFENSE",
              "tags": [
                "Patch"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=305495",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=305495"
            },
            {
              "name": "APPLE-SA-2007-05-10",
              "refsource": "APPLE",
              "tags": [
                "Patch"
              ],
              "url": "http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html"
            },
            {
              "name": "23918",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/23918"
            },
            {
              "name": "25193",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/25193"
            },
            {
              "name": "1018047",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018047"
            },
            {
              "name": "35976",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/35976"
            },
            {
              "name": "ADV-2007-1770",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1770"
            },
            {
              "name": "darwin-iscommand-bo(34222)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34222"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:30Z",
      "publishedDate": "2007-05-13T22:19Z"
    }
  }
}

Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request. An attacker can exploit these issues to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service. These issues affect versions prior to 5.5.5.

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

Join the FREE BETA test of the Network Software Inspector (NSI)! http://secunia.com/network_software_inspector/

The NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.

SOLUTION: Update to version 5.5.5. http://developer.apple.com/opensource/server/streaming/index.html

PROVIDED AND/OR DISCOVERED BY: An anonymous person, reported via iDefense Labs.

ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305495

iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. Apple Darwin Streaming Proxy Multiple Vulnerabilities

iDefense Security Advisory 05.10.07 http://labs.idefense.com/intelligence/vulnerabilities/ May 10, 2007

I. BACKGROUND

Darwin Streaming Server is a server technology that facilitates streaming of QuickTime data to clients across the Internet using the industry standard RTP and RTSP protocols.

The Darwin Streaming Proxy is an application-specific proxy which would normally be run in a border zone or perimeter network. It is used to give client machines, within a protected network, access to streaming servers where the firewall blocks RTSP connections or RTP/UDP data flow. For more information, please visit the product website at via following URL.

http://developer.apple.com/opensource/server/streaming/index.html

II.

Due to insufficient sanity checking, a stack-based buffer overflow could occur while trying to extract commands from the request buffer. The "is_command" function, located in proxy.c, lacks bounds checking when filling the 'cmd' and 'server' buffers.

Additionally, a heap-based buffer overflow could occur while processing the "trackID" values contained within a "SETUP" request. If a request with more than 32 values is encountered, memory corruption will occur.

III.

No credentials are required for accessing the vulnerable code.

The stack-based buffer overflow vulnerability relies on compiler optimizations. iDefense has verified the Darwin Streaming Proxy 4.1 binary release for Fedora Core is not vulnerable. The binary produced from a out-of-the-box compile on Fedora was confirmed vulnerable.

IV. DETECTION

iDefense has confirmed the existence of these vulnerabilities in Darwin Streaming Server 5.5.4 and Darwin Streaming Proxy 4.1.

V. WORKAROUND

Employ firewalls, access control lists or other TCP/UDP restriction mechanisms to limit access to vulnerable systems and services.

VI. VENDOR RESPONSE

Apple has addressed this vulnerability by releasing version 5.5.5 of Darwin Streaming Server. More information can be found from Apple's Security Update page or the Darwin Streaming Server advisory page at the respective URLs below.

http://docs.info.apple.com/article.html?artnum=61798 http://docs.info.apple.com/article.html?artnum=305495

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-0748 to the heap-based buffer overflow and CVE-2007-0749 to stack-based buffer overflow. These names are a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

04/09/2007 Initial vendor notification 04/09/2007 Initial vendor response 05/10/2007 Coordinated public disclosure

IX. CREDIT

The discoverer of this vulnerability wishes to remain anonymous.

Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events http://labs.idefense.com/

X. LEGAL NOTICES

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200705-0148",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "darwin streaming server",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "5.5.4"
      },
      {
        "model": "darwin streaming server",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "darwin streaming server",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "4.1.2"
      },
      {
        "model": "darwin streaming server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "4.1.3"
      },
      {
        "model": "darwin streaming server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5.5.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.2.8"
      },
      {
        "model": "darwin streaming server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.5.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "23918"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-258"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0749"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:darwin_streaming_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001526"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "iDEFENSE",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-258"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-0749",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2007-0749",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-24111",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-0749",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-0749",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200705-258",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-24111",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-258"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0749"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request. \nAn attacker can exploit these issues to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service. \nThese issues affect versions prior to 5.5.5. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nJoin the FREE BETA test of the Network Software Inspector (NSI)!\nhttp://secunia.com/network_software_inspector/\n\nThe NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\nSOLUTION:\nUpdate to version 5.5.5. \nhttp://developer.apple.com/opensource/server/streaming/index.html\n\nPROVIDED AND/OR DISCOVERED BY:\nAn anonymous person, reported via iDefense Labs. \n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=305495\n\niDefense Labs:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Apple Darwin Streaming Proxy Multiple Vulnerabilities\n\niDefense Security Advisory 05.10.07\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nMay 10, 2007\n\nI. BACKGROUND\n\nDarwin Streaming Server is a server technology that facilitates\nstreaming of QuickTime data to clients across the Internet using the\nindustry standard RTP and RTSP protocols. \n\nThe Darwin Streaming Proxy is an application-specific proxy which would\nnormally be run in a border zone or perimeter network. It is used to\ngive client machines, within a protected network, access to streaming\nservers where the firewall blocks RTSP connections or RTP/UDP data\nflow. For more information, please visit the product website at via\nfollowing URL. \n\nhttp://developer.apple.com/opensource/server/streaming/index.html\n\nII. \n\nDue to insufficient sanity checking, a stack-based buffer overflow could\noccur while trying to extract commands from the request buffer. The\n\"is_command\" function, located in proxy.c, lacks bounds checking when\nfilling the \u0027cmd\u0027 and \u0027server\u0027 buffers. \n\nAdditionally, a heap-based buffer overflow could occur while processing\nthe \"trackID\" values contained within a \"SETUP\" request. If a request\nwith more than 32 values is encountered, memory corruption will occur. \n\nIII. \n\nNo credentials are required for accessing the vulnerable code. \n\nThe stack-based buffer overflow vulnerability relies on compiler\noptimizations. iDefense has verified the Darwin Streaming Proxy 4.1\nbinary release for Fedora Core is not vulnerable. The binary produced\nfrom a out-of-the-box compile on Fedora was confirmed vulnerable. \n\nIV. DETECTION\n\niDefense has confirmed the existence of these vulnerabilities in Darwin\nStreaming Server 5.5.4 and Darwin Streaming Proxy 4.1. \n\nV. WORKAROUND\n\nEmploy firewalls, access control lists or other TCP/UDP restriction\nmechanisms to limit access to vulnerable systems and services. \n\nVI. VENDOR RESPONSE\n\nApple has addressed this vulnerability by releasing version\n5.5.5 of Darwin Streaming Server. More information can be found from\nApple\u0027s Security Update page or the Darwin Streaming Server advisory\npage at the respective URLs below. \n\nhttp://docs.info.apple.com/article.html?artnum=61798\nhttp://docs.info.apple.com/article.html?artnum=305495\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname\nCVE-2007-0748 to the heap-based buffer overflow and CVE-2007-0749 to\nstack-based\nbuffer overflow. These names are a candidate for inclusion in the CVE list\n(http://cve.mitre.org/), which standardizes names for security problems. \n\nVIII. DISCLOSURE TIMELINE\n\n04/09/2007  Initial vendor notification\n04/09/2007  Initial vendor response\n05/10/2007  Coordinated public disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2007 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001526"
      },
      {
        "db": "BID",
        "id": "23918"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24111"
      },
      {
        "db": "PACKETSTORM",
        "id": "56675"
      },
      {
        "db": "PACKETSTORM",
        "id": "56658"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-24111",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24111"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-0749",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "23918",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "25193",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1770",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1018047",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "35976",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001526",
        "trust": 0.8
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2007-05-10",
        "trust": 0.6
      },
      {
        "db": "IDEFENSE",
        "id": "20070510 APPLE DARWIN STREAMING PROXY MULTIPLE VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "34222",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-258",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "56658",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-24111",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56675",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24111"
      },
      {
        "db": "BID",
        "id": "23918"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001526"
      },
      {
        "db": "PACKETSTORM",
        "id": "56675"
      },
      {
        "db": "PACKETSTORM",
        "id": "56658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-258"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0749"
      }
    ]
  },
  "id": "VAR-200705-0148",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24111"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:09:54.588000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2007-05-10",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001526"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0749"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://docs.info.apple.com/article.html?artnum=305495"
      },
      {
        "trust": 2.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2007/may/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/23918"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/35976"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1018047"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/25193"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/1770"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34222"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0749"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0749"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/1770"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/34222"
      },
      {
        "trust": 0.3,
        "url": "http://developer.apple.com/darwin/projects/streaming/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/468303"
      },
      {
        "trust": 0.2,
        "url": "http://developer.apple.com/opensource/server/streaming/index.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1146/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3085/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25193/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0749"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/),"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=61798"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0748"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24111"
      },
      {
        "db": "BID",
        "id": "23918"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001526"
      },
      {
        "db": "PACKETSTORM",
        "id": "56675"
      },
      {
        "db": "PACKETSTORM",
        "id": "56658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-258"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0749"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-24111"
      },
      {
        "db": "BID",
        "id": "23918"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001526"
      },
      {
        "db": "PACKETSTORM",
        "id": "56675"
      },
      {
        "db": "PACKETSTORM",
        "id": "56658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-258"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0749"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-05-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-24111"
      },
      {
        "date": "2007-05-10T00:00:00",
        "db": "BID",
        "id": "23918"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001526"
      },
      {
        "date": "2007-05-12T02:30:02",
        "db": "PACKETSTORM",
        "id": "56675"
      },
      {
        "date": "2007-05-11T02:05:01",
        "db": "PACKETSTORM",
        "id": "56658"
      },
      {
        "date": "2007-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200705-258"
      },
      {
        "date": "2007-05-13T22:19:00",
        "db": "NVD",
        "id": "CVE-2007-0749"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-24111"
      },
      {
        "date": "2007-05-11T17:09:00",
        "db": "BID",
        "id": "23918"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001526"
      },
      {
        "date": "2007-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200705-258"
      },
      {
        "date": "2024-11-21T00:26:39.320000",
        "db": "NVD",
        "id": "CVE-2007-0749"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "56658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-258"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Darwin Streaming Proxy of  is_command Stack-based buffer overflow vulnerability in functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001526"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-258"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-0749 (GCVE-0-2007-0749)

Vulnerability from cvelistv5

fkie_cve-2007-0749

Vulnerability from fkie_nvd

ghsa-39jq-32qw-h3r2

Vulnerability from github

gsd-2007-0749

Vulnerability from gsd

var-200705-0148

Vulnerability from variot

Tags

Sightings

Nomenclature