var-200308-0003
Vulnerability from variot
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters. When an HTTP request is made to the view_broadcast.cgi script without specifying any parameters, the server will not accept new connections. This vulnerability was reported to affect QuickTime/Darwin Streaming Server 4.1.3e and earlier on Windows. Vulnerabilities exist in Apple QuickTime / Darwin Streaming versions prior to 4.1.3f.
Rapid7, Inc. Security Advisory
Visit http://www.rapid7.com/ to download NeXpose,
the world's most advanced vulnerability scanner.
Linux and Windows 2000/XP versions are available now!
Rapid7 Advisory R7-0015
Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
Published: July 22, 2003
Revision: 1.0
http://www.rapid7.com/advisories/R7-0015.html
CVE: CAN-2003-0421, CAN-2003-0422, CAN-2003-0423, CAN-2003-0424, CAN-2003-0425, CAN-2003-0426, CAN-2003-0502
- Affected system(s):
KNOWN VULNERABLE:
o QuickTime/Darwin Streaming Server v4.1.3 for MacOS X
o QuickTime/Darwin Streaming Server v4.1.3 for Win32
o QuickTime/Darwin Streaming Server v4.1.3 for Linux
UNKNOWN/NOT TESTED:
o other platforms (Solaris)
- Vendor status and information
Apple http://www.apple.com/
The vendor has been notified and has released fixes for all but one of the issues, which is currently under investigation.
- Solution
Upgrade to version 4.1.3g or later of Darwin Streaming Server, which may be obtained as a free download from:
http://developer.apple.com/darwin/projects/streaming/
Please see the next section for detailed fix information.
- Detailed analysis
There are several vulnerabilities.
Denial of Service by HTTP Request for DOS Device Name
CVE ID: CAN-2003-0421
Affects: Darwin Streaming Server v4.1.3e and earlier (Win32 only)
Fixed: In version 4.1.3f (Win32)
Requesting a DOS device name (e.g. An initial
HTTP 404 response will be returned for the device request,
but future requests will not be serviced.
Example:
==> GET /view_broadcast.cgi HTTP/1.0
<== HTTP/1.0 200 OK
<== Content-Type: video/quicktime
<==
<== rtsp://
^^ server drops connection
Source Disclosure via HTTP Request for /parse_xml.cgi Script
CVE ID: CAN-2003-0423
Affects: Darwin Streaming Server v4.1.3g and earlier
Fixed: No fix is available at this time. Apple is aware of this issue and they are investigating it further.
The source code of any file within the web root can be obtained
by issuing a request for /parse_xml.cgi?filename=[file], where
[file] is the file whose source code you wish to view.
This is only a serious risk if the administrator has installed
custom scripts on Darwin Streaming Server that need to be
protected.
Script Source Disclosure by Appending Special Characters
CVE ID: CAN-2003-0424
Affects: Darwin Streaming Server v4.1.3e and earlier (Win32 only)
Fixed: In version 4.1.3f (Win32)
The source code of any script can be obtained by appending the
special characters %2e (period) or %20 (space) to an HTTP request
for that script. For example, requesting /view_broadcast.cgi%2e
will reveal the source code for that script.
Web Root Traversal and Arbitrary File Disclosure (Win32)
CVE ID: CAN-2003-0425
Affects: Darwin Streaming Server v4.1.3e and earlier (Win32 only)
Fixed: In version 4.1.3f (Win32)
Any file on the system can be retrieved by using three dots
to break out of the web root. For example, requesting
/.../qtusers will return the QuickTime user/password file.
Default Install Allows Remote User to Set Admin Password
CVE ID: CAN-2003-0426
Affects: Darwin Streaming Server v4.1.3e and earlier (Mac OS X only)
Fixed: In version 4.1.3f (Mac OS X)
When Darwin Streaming Server is first installed, the
HTTP-based administration server (typically port 1220)
presents a "Setup Assistant" page where the user is prompted
to set a new administrator password. This would allow any
remote user to connect and set up an administrator password
before the server administrator has had a chance to do so.
- Contact Information
Rapid7 Security Advisories
Email: advisory@rapid7.com
Web: http://www.rapid7.com/
Phone: +1 (212) 558-8700
- Disclaimer and Copyright
Rapid7, Inc. is not responsible for the misuse of the information provided in our security advisories. These advisories are a service to the professional security community. There are NO WARRANTIES with regard to this information. Any application or distribution of this information constitutes acceptance AS IS, at the user's own risk. This information is subject to change without notice.
This advisory Copyright (C) 2003 Rapid7, Inc. Permission is hereby granted to redistribute this advisory, providing that no changes are made and that the copyright notices and disclaimers remain intact.
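Added example, not part of the Rapid7 advisory or of Apple's code: a log check that flags the four request patterns the advisory spells out (view_broadcast.cgi without parameters, parse_xml.cgi?filename=, a trailing %2e or %20 on a script name, and a three-dot path segment). It assumes access-log lines in Common Log Format; the sample lines, client addresses and the `name=demo` parameter are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Extensions treated as scripts: an assumption, the advisory only shows .cgi.
SCRIPT_EXT = (".cgi",)
# Pulls method and request target out of a Common Log Format request field.
REQUEST_RE = re.compile(r'"([A-Z]+) (\S+) HTTP/[\d.]+"')


def classify_target(target):
    """Return the advisory IDs whose request pattern this URL target matches."""
    split = urlsplit(target)
    # Decode %xx first so %2e / %20 are compared as '.' and ' '.
    path = unquote(split.path).lower()
    segments = path.split("/")
    name = segments[-1]
    hits = []
    # CAN-2003-0422: view_broadcast.cgi requested with no parameters at all.
    if name == "view_broadcast.cgi" and not split.query:
        hits.append("CAN-2003-0422")
    # CAN-2003-0423: parse_xml.cgi asked to return a file via filename=.
    params = parse_qs(split.query, keep_blank_values=True)
    if name == "parse_xml.cgi" and "filename" in params:
        hits.append("CAN-2003-0423")
    # CAN-2003-0424: script name followed by trailing periods or spaces.
    stripped = name.rstrip(". ")
    if stripped != name and stripped.endswith(SCRIPT_EXT):
        hits.append("CAN-2003-0424")
    # CAN-2003-0425: a path segment made only of three or more dots.
    if any(re.fullmatch(r"\.{3,}", seg) for seg in segments):
        hits.append("CAN-2003-0425")
    return hits


def scan_log(lines):
    """Return (line_number, client, target, hits) for every flagged line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(2)
        hits = classify_target(target)
        if hits:
            client = line.split(" ", 1)[0]
            findings.append((number, client, target, hits))
    return findings


# Constructed sample input (documentation address range, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Jul/2003:10:00:01 +0000] "GET /view_broadcast.cgi HTTP/1.0" 200 7',
    '192.0.2.10 - - [22/Jul/2003:10:00:05 +0000] "GET /view_broadcast.cgi%2e HTTP/1.0" 200 512',
    '192.0.2.11 - - [22/Jul/2003:10:01:00 +0000] "GET /parse_xml.cgi?filename=index.html HTTP/1.0" 200 900',
    '192.0.2.12 - - [22/Jul/2003:10:02:00 +0000] "GET /.../qtusers HTTP/1.0" 200 64',
    '192.0.2.13 - - [22/Jul/2003:10:03:00 +0000] "GET /sample.mov HTTP/1.0" 200 1000',
    '192.0.2.13 - - [22/Jul/2003:10:03:09 +0000] "GET /view_broadcast.cgi?name=demo HTTP/1.0" 200 80',
]

if __name__ == "__main__":
    for number, client, target, hits in scan_log(SAMPLE_LOG):
        print(f"line {number}: {client} {target} -> {', '.join(hits)}")
```

The DOS device name issue (CAN-2003-0421) is left out because the page does not show the request that triggers it.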