This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.
The remote RTSP server is affected by multiple vulnerabilities.
According to its banner, the version of Apple Darwin Streaming Server
running on the remote host is prior to version 5.5.5. It is,
therefore, affected by multiple vulnerabilities :
- A heap buffer overflow condition exists in the Apple
Darwin Streaming Proxy that allows an unauthenticated,
remote attacker, via multiple trackID values in a
SETUP RTSP request, to cause application termination
or the execution of arbitrary code.
- Multiple stack-based buffer overflow conditions exist
in the is_command() function within file proxy.c due
to improper bounds checking. An unauthenticated, remote
attacker can exploit these, via a long command or server
value in an RTSP request, to cause application
termination or the execution of arbitrary code.
See also :
Solution :
Upgrade to Apple Darwin Streaming Server version 5.5.5 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false