Denial of Service Vulnerability in QuickTime Streaming Server by Apple
CVE-2004-0169

Currently unrated

Key Information:

Vendor: Apple
Status: Darwin Streaming Server
Vendor: CVE Published:; 15 March 2004

Summary

The QuickTime Streaming Server in MacOS X versions 10.2.8 and 10.3.2 is susceptible to a denial of service attack. Remote attackers can exploit this vulnerability by sending DESCRIBE requests with excessively long User-Agent fields. This triggers an Assert error in the BufferIsFull function, causing the server to crash. Organizations using the affected versions should consider applying security updates to mitigate this risk.

References

http://lists.apple.com/archives/security-announce/2004/Fe...

vendor-advisoryx_refsource_APPLE

http://www.idefense.com/application/poi/display?id=75&typ...

third-party-advisoryx_refsource_IDEFENSE

http://www.osvdb.org/6826

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Mar 15, 2004
Vulnerability Reserved
Feb 18, 2004