Darwin RTSP Server < 5.5.5 Multiple Overflows

Nessus Network Monitor Plugin ID 3989 (Severity: High)

Synopsis

The remote host is vulnerable to multiple buffer overflows.

Description

The remote host is running the Darwin RTSP media server. This version of Darwin is vulnerable to multiple buffer overflows in the way that it processes user-supplied data. To exploit these flaws, an attacker only needs to be able to send RTSP requests to the Darwin server. Successful exploitation would allow the attacker to execute arbitrary code with the privileges of the Darwin server process.

Solution

Upgrade to version 5.5.5 or higher.

See Also

http://docs.info.apple.com/article.html?artnum=305495

Plugin Details

Severity: High

ID: 3989

Family: Generic

Published: 2007/05/11

Modified: 2016/02/05

Risk Information

Risk Factor: High

CVSSv2

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 8.7

Temporal Score: 7.5

Vector: CVSS3#AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2007-0749, CVE-2007-0748

BID: 23918