This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.
The remote RTSP server is affected by multiple vulnerabilities.
According to its banner, the version of Apple Darwin Streaming Server
running on the remote host is prior to version 5.5.5. It is,
therefore, affected by multiple vulnerabilities :
- A heap buffer overflow condition exists in the Apple
Darwin Streaming Proxy that allows an unauthenticated,
remote attacker, via multiple trackID values in a
SETUP RTSP request, to cause application termination
or the execution of arbitrary code.
- Multiple stack-based buffer overflow conditions exist
in the is_command() function within file proxy.c due
to improper bounds checking. An unauthenticated, remote
attacker can exploit these, via a long command or server
value in an RTSP request, to cause application
termination or the execution of arbitrary code.
Upgrade to Apple Darwin Streaming Server version 5.5.5 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false
Family: Gain a shell remotely
Nessus Plugin ID: 25214 (darwin_streaming_server_555.nasl)
Bugtraq ID: 23918
CVE ID: CVE-2007-0748, CVE-2007-0749