[CS-FSLUG] NI: Apple Darwin Streaming Server Web Admin Denial of Service
Fred A. Miller
fmiller at lightlink.com
Wed Jul 13 08:31:54 CDT 2005
Apple Darwin Streaming Server Web Admin Denial of Service
SECUNIA ADVISORY ID:
SA16056
VERIFY ADVISORY:
http://secunia.com/advisories/16056/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
Darwin Streaming Server 5.x
http://secunia.com/product/3085/
DESCRIPTION:
Sowhat has reported a vulnerability in Darwin Streaming Server, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

The vulnerability is caused due to an error in the web-based admin
interface when handling HTTP requests containing MS-DOS device names
with ".cgi" extension appended (e.g. AUX.cgi).

Successful exploitation causes the service to stop responding.

The vulnerability has been reported in versions 5.5 and prior for
Windows.
SOLUTION:
Update to version 5.5.1.
PROVIDED AND/OR DISCOVERED BY:
Sowhat
ORIGINAL ADVISORY:
http://secway.org/Advisory/AD20050713.txt
--
Planet Earth - a subsidiary of Microsoft. We have no bugs in
our software, Never! We do have undocumented added
features, that you will find amusing, at no added cost
to you, at this time.
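
An added example, not part of the advisory or of the Darwin Streaming Server code: a request-path check that a front-end proxy or request handler on Windows could apply so that names such as AUX.cgi are rejected before they reach the file system. The function names and the sample request targets are constructed for illustration.

```python
from urllib.parse import unquote

# Classic reserved MS-DOS device names on Windows.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}

def reserved_segment(target):
    """Return the first path segment that names a DOS device, else None."""
    # Drop the query string, decode percent-escapes once, unify separators.
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    for segment in path.split("/"):
        # An extension does not stop the match: "AUX.cgi" still names AUX.
        # Cutting at ":" and trimming spaces is a conservative assumption.
        stem = segment.split(".", 1)[0].split(":", 1)[0].rstrip(" ").upper()
        if stem in RESERVED:
            return segment
    return None

def filter_targets(targets):
    """Split request targets into (allowed, rejected) lists."""
    allowed, rejected = [], []
    for target in targets:
        (rejected if reserved_segment(target) else allowed).append(target)
    return allowed, rejected

# Constructed sample request targets (not taken from the advisory).
SAMPLES = [
    "/admin/index.cgi?action=login",
    "/AUX.cgi",
    "/images/aux.CGI",
    "/%41UX.cgi",
    "/com1.cgi?x=1",
    "/auxiliary.cgi",
    "/docs/console.html",
]

if __name__ == "__main__":
    allowed, rejected = filter_targets(SAMPLES)
    for target in rejected:
        print("REJECT", target, "->", reserved_segment(target))
    for target in allowed:
        print("allow ", target)
```

Matching on the stem of every segment, rather than on the whole file name, is what keeps "auxiliary.cgi" and "console.html" allowed while "AUX.cgi" is refused.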