var-200303-0097
Vulnerability from variot
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters. A command execution vulnerability has been discovered in the Darwin/QuickTime Streaming Servers. The vulnerability exists due to insufficient sanitization performed on some user-supplied input. An attacker can exploit this vulnerability by submitting a specially crafted string to the parse_xml.cgi application that include malicious shell commands. These commands, when received by the Streaming Administration Servers, will be executed and may be used to compromise a vulnerable system. By default, these services listen on port 1220/TCP with root user privileges. The Darwin/QuickTime streaming server does not adequately sanitize user-submitted input. The Darwin stream management server relies on the parse_xml.cgi application to authenticate and interact with the user. This CGI is written in PERL and passes the input directly to the open() function without sufficient processing. When the pipe \'\'|\'\' character is inserted When entered, it can cause the open() function to execute the embedded command, and the input of the parameters can be submitted to CGI through a GET request. The new version of the Darwin stream management server provides partial filtering, but inserting NULL characters between the last character of the command and the pipe bypasses the check and executes arbitrary commands on the system with the privileges of the stream server process
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200303-0097",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "darwin streaming server",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "quicktime streaming server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "4.1.1"
}
],
"sources": [
{
"db": "BID",
"id": "6954"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-039"
},
{
"db": "NVD",
"id": "CVE-2003-0050"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dave G.\u203b daveg@atstake.com\u203bOllie Whitehouse\u203b ollie@atstake.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-039"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0050",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0050",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-6880",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-0050",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200303-039",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-6880",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6880"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-039"
},
{
"db": "NVD",
"id": "CVE-2003-0050"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters. A command execution vulnerability has been discovered in the Darwin/QuickTime Streaming Servers. The vulnerability exists due to insufficient sanitization performed on some user-supplied input. \nAn attacker can exploit this vulnerability by submitting a specially crafted string to the parse_xml.cgi application that include malicious shell commands. These commands, when received by the Streaming Administration Servers, will be executed and may be used to compromise a vulnerable system. By default, these services listen on port 1220/TCP with root user privileges. The Darwin/QuickTime streaming server does not adequately sanitize user-submitted input. The Darwin stream management server relies on the parse_xml.cgi application to authenticate and interact with the user. This CGI is written in PERL and passes the input directly to the open() function without sufficient processing. When the pipe \\\u0027\\\u0027|\\\u0027\\\u0027 character is inserted When entered, it can cause the open() function to execute the embedded command, and the input of the parameters can be submitted to CGI through a GET request. The new version of the Darwin stream management server provides partial filtering, but inserting NULL characters between the last character of the command and the pipe bypasses the check and executes arbitrary commands on the system with the privileges of the stream server process",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0050"
},
{
"db": "BID",
"id": "6954"
},
{
"db": "VULHUB",
"id": "VHN-6880"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-6880",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6880"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "6954",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2003-0050",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200303-039",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20030224 QUICKTIME/DARWIN STREAMING ADMINISTRATION SERVER MULTIPLE VULNERABILITIES",
"trust": 0.6
},
{
"db": "XF",
"id": "11401",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "84525",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-71386",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16891",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-6880",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6880"
},
{
"db": "BID",
"id": "6954"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-039"
},
{
"db": "NVD",
"id": "CVE-2003-0050"
}
]
},
"id": "VAR-200303-0097",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6880"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-22T19:49:08.136000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0050"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/6954"
},
{
"trust": 2.7,
"url": "http://lists.apple.com/archives/security-announce/2003/feb/25/applesa20030225macosx102.txt"
},
{
"trust": 2.7,
"url": "http://www.iss.net/security_center/static/11401.php"
},
{
"trust": 2.1,
"url": "http://marc.info/?l=bugtraq\u0026m=104618904330226\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104618904330226\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6880"
},
{
"db": "BID",
"id": "6954"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-039"
},
{
"db": "NVD",
"id": "CVE-2003-0050"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-6880"
},
{
"db": "BID",
"id": "6954"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-039"
},
{
"db": "NVD",
"id": "CVE-2003-0050"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-03-07T00:00:00",
"db": "VULHUB",
"id": "VHN-6880"
},
{
"date": "2003-02-24T00:00:00",
"db": "BID",
"id": "6954"
},
{
"date": "2003-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-039"
},
{
"date": "2003-03-07T05:00:00",
"db": "NVD",
"id": "CVE-2003-0050"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-6880"
},
{
"date": "2009-07-11T20:06:00",
"db": "BID",
"id": "6954"
},
{
"date": "2005-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-039"
},
{
"date": "2024-11-20T23:43:49.680000",
"db": "NVD",
"id": "CVE-2003-0050"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-039"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Quicktime/Darwin Streaming server parse_xml.cgi Remote command execution vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-039"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-039"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…