Apple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities

high Nessus Plugin ID 11278

Synopsis

The remote server is affected by several vulnerabilities.

Description

The remote host is running Apple QuickTime Streaming Server.

There are multiple flaws in this version:

* Remote code execution vulnerability (by default with root privileges)
* Two cross-site scripting vulnerabilities
* Path Disclosure vulnerability
* Arbitrary Directory listing vulnerability
* Buffer overflow in MP3 broadcasting module

Solution

Install patches from Apple or disable access to this service.

See Also

http://www.atstake.com/research/advisories/2003/a022403-1.txt

Plugin Details

Severity: High

ID: 11278

File Name: quicktime_admin.nasl

Version: 1.38

Type: remote

Family: CGI abuses

Published: 2/28/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2/23/2003

Exploitable With

Metasploit (QuickTime Streaming Server parse_xml.cgi Remote Execution)

Reference Information

CVE: CVE-2003-0050, CVE-2003-0051, CVE-2003-0052, CVE-2003-0053, CVE-2003-0054, CVE-2003-0055, CVE-2003-1414

BID: 6954, 6955, 6956, 6957, 6958, 6960, 6990

CWE: 22