Signature Detail

Short Name	APP:QT-SERVER:QT-DEVURL-DOS
Severity	Medium
Recommended	No
Category	APP
Keywords	QT quicktime http
Release Date	2004/08/25
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+

APP: Darwin QuickTime Streaming Server Device URL Denial of Service

This signature detects attempts to exploit a known vulnerability against QuickTime Streaming Server. Darwin QuickTime Streaming Server v4.1.3 and earlier versions for all platforms (MacOS X, Linux, Windows) are vulnerable. Attackers can send URL requests that contain MS-DOS device names, forcing the Streaming Server to attempt to access a non-existing hardware device and causing the service to become unresponsive.

Extended Description

A vulnerability exists in the Darwin Streaming Server due to improper handling of reserved DOS device names. This vulnerability allows an attacker to cause a denial of service.

References

CVE: CVE-2003-0421
URL: http://developer.apple.com/darwin/projects/streaming/

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

APP: Darwin QuickTime Streaming Server Device URL Denial of Service

Extended Description

References