Apple's QuickTime...
January 2008
SUBJECT:
Apple QuickTime RTSP Response Header Remote Stack Based Buffer Overflow
ORIGINAL OVERVIEW:
A new vulnerability in Apple QuickTime is actively being exploited on the Internet. The vulnerability can be exploited if a user visits a malicious web site. If the vulnerability is successfully exploited, an attacker may be able to execute arbitrary code on a vulnerable system with the same rights as the logged-on user. This may allow the attacker to gain complete control of the affected system.
Note that there is currently no patch for this vulnerability.
UPDATED INFORMATION:
Apple released a patch that addresses the QuickTime RTSP vulnerability. This patch also addresses two other vulnerabilities; refer to the updated Description section below for additional technical details on these vulnerabilities. See the Reference sections below for patch download locations and additional information. We recommend that this patch be installed immediately on all affected systems after appropriate testing.
SYSTEMS AFFECTED:
Apple QuickTime Player 7.3 and earlier
RISK:
Government:
Large and medium government entities: High
Small government entities: High
ORIGINAL DESCRIPTION:
Apple QuickTime is a media player for the Mac OS X and Microsoft Windows operating systems.
A new vulnerability has been discovered in QuickTime that is currently being exploited on the Internet. QuickTime is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized stack-based memory buffer. The issue occurs when handling specially crafted Real Time Streaming Protocol (RTSP) response headers.
RTSP is a protocol used by QuickTime to stream media content over the Internet. By default, the protocol runs over ports 554 tcp/udp and 6970-6999 udp, with 8554 tcp/udp as an alternative port. However, RTSP can be configured to run over any port, so firewall port filtering can be circumvented by hosting the malicious RTSP server on 80/tcp or another commonly unfiltered port.
This vulnerability can be exploited if a user visits a specially crafted web page that hosts the malicious content or opens a malicious e-mail attachment. The user would then have to view the content by clicking a link or having it load automatically within the web page. When the user views the content, the RTSP server would then send the exploit code designed to perform some action on the attacker’s behalf. A failed attack will likely cause denial-of-service conditions.
DECEMBER 14 UPDATED DESCRIPTION:
Apple released a patch that addresses the QuickTime RTSP vulnerability. In addition, the patch also fixes multiple vulnerabilities in QuickTime’s media handler and a heap overflow vulnerability caused by viewing a specially-crafted QTL file.
ORIGINAL RECOMMENDATIONS:
We recommend the following actions be taken:
Set the kill bit on the Class Identifiers (CLSIDs) {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} and {4063BE15-3B08-470D-A0D5-B37161CFFD69}; further instructions on how to set the kill bit can be found at http://support.microsoft.com/kb/240797
Blocking the RTSP protocol with a proxy or firewall may help mitigate this vulnerability.
Blocking outbound access to ports 554 tcp/udp, 6970-6999 udp, and 8554 tcp/udp may partially mitigate this vulnerability. Since RTSP can be configured to use a variety of ports, blocking RTSP by port may not be sufficient.
Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
Do not visit unknown or untrusted Web sites or follow links provided by unknown or untrusted sources.
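Because port-based blocking can be bypassed, a proxy or IDS can instead recognize RTSP responses by content on any port and flag abnormally long header lines. The following is an added example, not part of the original advisory; the function name, the 256-byte threshold, and the sample payloads are assumptions constructed for illustration.

```python
import re

# TCP ports the advisory lists for RTSP; a response from any other
# port means port-based filtering would not have caught it.
RTSP_TCP_PORTS = {554, 8554}

# Assumed threshold (not from the advisory): tune to local traffic.
MAX_HEADER_LINE = 256

# RTSP responses start with a status line such as "RTSP/1.0 200 OK".
STATUS_LINE = re.compile(rb"^RTSP/\d\.\d \d{3} ")


def inspect_rtsp_response(payload: bytes, src_port: int) -> list[str]:
    """Return findings for one server-to-client TCP payload.

    An empty list means the payload is not an RTSP response, or it is
    an RTSP response on a listed port with normally sized headers.
    """
    if not STATUS_LINE.match(payload):
        return []
    findings = []
    if src_port not in RTSP_TCP_PORTS:
        findings.append(f"rtsp-on-nonstandard-port:{src_port}")
    # Only the header section (before the blank line) is inspected.
    head = payload.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:
        name, sep, _ = line.partition(b":")
        label = name[:32].decode("ascii", "replace") if sep else "?"
        if len(line) > MAX_HEADER_LINE:
            findings.append(f"oversized-header:{label}:{len(line)}")
        elif not sep:
            findings.append("malformed-header-line")
    return findings


# Constructed sample payloads (not captured traffic).
NORMAL = (b"RTSP/1.0 200 OK\r\nCSeq: 1\r\n"
          b"Content-Type: application/sdp\r\nContent-Length: 0\r\n\r\n")
LONG = b"RTSP/1.0 200 OK\r\nCSeq: 1\r\nServer: " + b"A" * 1024 + b"\r\n\r\n"

if __name__ == "__main__":
    for payload, port in ((NORMAL, 554), (NORMAL, 80), (LONG, 80)):
        print(port, inspect_rtsp_response(payload, port))
```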
UPDATED RECOMMENDATIONS:
Apply the appropriate patch to vulnerable systems immediately after appropriate testing. The patch is available at: http://www.apple.com/support/downloads/