|
|
|
Exploit Code Out for Windows, Mac QuickTime Flaw
By: Lisa Vaas
2007-11-26
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
An extremely critical Apple QuickTime flaw can enable malware attacks on Windows and Mac OS X systems.Exploit code is out for an extremely critical Apple QuickTime flaw that affects Windows and Mac OS X systems, and researchers say attacks are likely soon to follow.
The vulnerability, found in the way QuickTime processes RTSP (Real Time Streaming Protocol) replies, can lead to remote attackers hijacking vulnerable systems. This proof of concept code was posted on Nov. 23 by security researcher Krystian Kloskowski.
The flaw, caused by a boundary error when processing RTSP replies, can be exploited to cause a stack-based buffer overflow if an attacker sends a rigged audio-streaming file that contains an overly long Content Type header. Otherwise, an attacker can successfully exploit the vulnerability by modifying an existing program to listen for RTSP requests and to respond with malicious code.
That malicious file would contain arbitrary data, memory addresses, and executable machine code designed to perform some action on the attackers behalf, according to a Nov. 24 security advisory Symantec sent to clients who subscribe to its DeepSight Alert Services.
RTSP, a protocol used in streaming media systems, allows a client to remotely control a streaming media server with commands such as "play" and "pause" and also allows time-based access to files on a server.
 Click here to read about an Apple Mail flaw affecting Mac OS X Leopard.
According to Symantec, QuickTime Player 7.3 is affected by this vulnerability. As of Nov. 26, it hadnt yet been determined whether other versions are affected as well.
To exploit the issue, an attacker has to lure an unsuspecting user to connect to a malicious RTSP server.
Apple had not responded to requests for input by the time this article posted. In lieu of a patch, Symantec is advising users to mitigate the potential danger by deploying network intrusion detection systems to monitor network traffic for malicious activity. Symantec is also advising users to use NIDS (network intrusion detection system) to monitor network traffic for signs of anomalous or suspicious activity, including but not limited to requests that include NOP (no operation) sleds and unexplained incoming and outgoing traffic.
A NOP sled, aka NOP slide, is a sequence of NOP instructions meant to "slide" the CPUs instruction execution flow to a final, desired destination.
Symantec is also advising that all software be set to run as a nonprivileged user with minimal access rights. Also, to limit the effects of a successful compromise, run all client software with the least privileges required to function.
And as always, dont follow links from strangers or untrusted sources, stay out of questionable sites, and dont touch files from unknown sources.
Symantec is also advising users to use memory-protection schemes to trip up an attackers ability to exploit the vulnerability by executing arbitrary code. That includes nonexecutable and randomly mapped memory segments.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
|
|
�������x}r㶲s\@♵MQ=Ҕlc-/K3^3uT� I)l+9
7]hɗLb["�h4���y$3G3L{L�cfQ;uOuޚ%w6;�&R(-GgP+N-w5� E]0ezNv@\��}@^cFw��D%x�_'Щ�ѩ�wɄIPW�^ߕͩ6}^~lv��.hѶ
⌲Il/G5t�yK`nzN<�)u)p�sP {O|2C�ַ(>r@ߨ�V�:ALéM}!
{�> Kd/B(?F#�c�C=|'�f�w�gB(ʻ�F�{iki�2��hj9�TN`Uƞfn�ڭaŰ��A=c�9p<�k
Go�,gu9"�ScO�$ա�U�NIp'0�:�Q#@X�S.�HTfFԴ;gj�5[gb=ױ}ǣ��#���3E5��L֟GB$f�ō0�R�bm
O,Ӈ�;) ۱ȭB�¿{kײ�߀CM�{6�̳L]>'l,R" ?q74Ba�z�H��O�L�"�9ˁ,kFpf0閩m�Ⱥus*RM�
~Vد�+www;6;2ٽSugF?~�ʊ�
E2G���-;��жD^ԢZ8�_u{ݓ>~nk�r ���|'k�L
R*��rX<&ȇ �T|5�uz3P��%J_+�P-�]z[zOa`%�pfQB
>'sK߾ڤ>>=O}3�fP*�U�~(#3%+��ԩZu\9;�utHs!+|qf�!5�0\6:jo~;�c�!~j[ d�P[w8LwjT{dZ6�姣1I|]9ևm'!|Аd�
mx�Z.S3I��Xn`Nt�&hoQpy4�ڭ�,%_� ><�)zN�j$
>6(Z�χ�`jc˦M@B9��;ǻ�ޚB�<�Q]ӡ4|a���q�jQ]�*~h3��-w= |
�wA�,�߽9�#z[LK��x�GN w
(~9-WR��;C/0tKty@OL\n��|8$o4<3_N#k[}7� K% j�J=Ss���A|5
�i!3L&Ze�n'==r=�6��?��C��<<�f�Rq'�ӠEa e ֤PLM>kQ@/�ı``�{�s7w�9pJ.��k>uM^\�ϖ�+]4�|rn�N �> |4'Z>�pdZ`/R7:4wҵJ )كI�,ǒ\*��%&QȚ='a(Juѧȹi� 3 M~��N!V�hPQ1
"I�9O5/�
cG��/OQ�*#؊�W�k��o` 12l�3u&/�zr|pE% y�<_,� K�kMf�٧O䱯1ۊ��h0@q�_8R"X @548�~�x
} "��L-�9�Ij�1�
�[�*:��:$ݦ��݀ä��,Cd�g�O{M{c>4�Ye j�,A�@z"RTj%05Բ*JR
_{}|3??=e�dԌR�p�8�< _�p˻�u??�Qo��O�j�zM͠W�>sn��}�G>N-â�&-h'^+0v�
�+BC2By^�ihw^@TA)07�G+�%�'=�ib�GH��e]�r�C
�XQVk0q�s;M*?�)�ӱ%Jt(�ֹ�B\-bԻ1u���b��H=�#�C`B��EW�Fڬ,pZԿA��uN�Դ)OjH@Aܚ:y>z,.M�HT0��u� �0-�tq])Tjբ¾_ZN+^�>
(��L40Ȑ�%=�GlTlO.1�Vl$�R*C01^�*== 7S_ �-ʖvk��Ն'QyϤp3|9 |l93#ONp釛L+ 30�SI�l
x@̬km#w6霎0��M`}G��ϣ1WT��`,fqN'� epv�N{%֡��,)3?tT쫵R��5:=Fp=�Ѝt;G~3sֿLׂܱ
zORD�7��PUL��x�g4sDcC�6jM�+'&�lZ
VZ�[�zGd!9js-!���OR-4SK8�n�6=�B\�ӳ
$RK+@�ekrฦԭ�57oE)�Zx�hRf̚/
%
=EЋvcꞃSLB]��I�TY�) �q�Ld_ ?�3pa-X,T��H)+(Gܱ��?^�nVɕڽv?f�IG|)T&#UqR(BB'Q�!�VQ%G"ZAY_MkOkhs!p
B0_\PF.^ʵ"l`ۤ^�ASf<^�ΐے�tK�ק~ 6�F&7
ug͋5Yx\YsXҌd;~�X^�5uH�"|H�~#+jH0שUI-VR}��̡=2f{c�і�$¾��.̓G\\׆hg�?"XWS�wg�4c�̇)usgCU�JR�#0��97
�pĵ��) R#GY\�'
WBX]q,g$
�,�$�(%,zǃx]!6�ps���^a?qp�-<9^�K�(4Ԉ�xϰL�'�eVqm?3 �c��C7痟vvj01@ E D@;n�߱?%
?�S-l8)F::w~�ݕDw;?\wZ�RT>I/4;g_����?k�ٿ:N00�vi?�0WK�KKx�iWsj뀔� Z>~~hI6?���eB*;f�B�,
8o�I�Ÿڐ9}/gvt�{{l:��+�6|v>���2�DH"�r�yCB|I{ֽG�Y-%{�w/[�j��܉g���, YE#�B�W Ǎ�5�Bk3d4)(�3z��I]a3�"A�Kվ̂�Ӝ$�"j*?N3dn
ʺ~�Z�w�~uk�`!��w1d|PRC� �
��@�RPOh�[#ZYKt$;3Ğu}Ih��!��:�e�}E/R)Q\(뉞�OYY}ܽjr3�l�}FF/JN�^k;�u{)[N7c+t,#=^/8�ʚ��=�?U��Nju>�!����g�4r㿜YQ$�!r>a�]Z�in}�z}@&aP;DZ3pu*hhwRB'T5˓$/+IYO)Eqhd*꒐~*~(i&'ءX�ҡԛ�]6/6'8
$O�krisq/?Gdc:��M"�I^QԼڭUdE)I�=ۉ~g#S^q:-< �c�tH_l臵�4/
Z���V�2?'!ʋIFܱ�So-*O��o*N�Ɗ f)� W��n2� |cM-�9&p$~�qI�M{fr+���7�~=nɸ�!E%͖�x�LL._�&p65xf�V،SLsQWj��Lt/rױW,�]mK�sQ���q$Y,Ж\j>!�y�:c�qߎFJi4�gؑ��twV�;S���j0+��&T@S햾m<�g�Դ5Ϸ[N<]h|x4�R&bY
ÿ��֕3��3u̇R�s<�x̱��4���z>`ߘ*%剂wO �~�c yؤ�;x�D(1}w}V�M˨{8gFnaD�^GN�xL}t,8g�P� sYD%9lrUس�~%�md'1Ic�;��q�Y�]Y�ej�60�,.�b" &1o.��å3�mpe��bC@�v��cYfBj1zR�E�cq��If�+qSKISW
��H,Il�viM�\{?Ar�:(q���n$_TMƚ3aj1q&�>�9�)۸��ϗ3L:�dڣ�nR̖0M��`�@dI�X?ΝE1U�
![ ؼ�lF!�_Z1&A̕x_Q *L9Wޯ�[�v��˨U4V?p|&�]h M71G���(%
l�c@XfBY�Tx�m��)O<�Y4nH�d[@�G�O=�6xiEx2
� ?�YIDߦaH]g�l
)��KJa
oEuK�lTdƣln�K-zK-@#ӹg`nW�HaJk|��Oc��I�[�3?7B<.ǽ!k_+@舂*mbS?aV�ݛ"��
H9��1>E�,a���$JP�Ti<
ټmS7�_J?(Tek 3Ϙ�t[rFA/];eH*LjmӉ�PI�%bfJ|��M>KѯsH﮽﮽﮽﮽WSkE�q�=8^/mq�/�f2
9a���@#"+A@�O~��;6=B{S\�.�>JI:w#k{4K�n�w�m���l��M@"��5#��"$ָ7}}Cͧ #"�C|ia�'O:,}�<[PV4xKY2��Ib� ��KDL I�z4彀k3�'@�Ls/9�>>bO�t�]�v����D�Ó#���63L�+-��q�u1R.DDٓSr%t
!5J#N�Ozc��k��~Ev2�M�4~jeuY$7�=�BB=:'Ljg-�L^S,@�h,p2ϩ�:� ��P@��C��� �Mפz%AH7|}+k�Pܦp�A�3ϖă9 �A;&�`�
d�q`^%4ʄDy�%�yko0�:(���4�/�Izd�O�G�lp挝AtX�&`�|+lx�ԋ_�uO�DM.v�W?jD%Rګʄ_|�4#ķjf7Y|Ȭ&;��5Sh�~w�l&'2]^�Iɽ�/
P|F0k��
c��ɗxQ��|i��ȪVF�:t)
۬RP3W#1}elּh�_����ZRˬ�kR$I1�Ʊ�1"*NhV|*P2ͨazD�Ko�p3B$*`Kԍ�БG}�]˼
Xh;�hOװ�>i`y�!Z�p6P]?�z�Ucnbj4�®��O5�wL�!ةiT1�8;7�~��뵽Z+�X67M�g+h%so4���?5�Ӑ4�rC(u[>6_*K�f?�� ^��tI'y{HdEN�?�ޞ-Y?`CP}d1Vސs"a2Q�aFB~q'�dN]�4;8q'A%�&ФC>y|� [�]#��GM�ist�F�x�+�w�w�KLē;[.=qG�rA�k('>?�Dׇ=�:Zg{�B7o
�פ.qH
e�_M �Baq
D0즔�q�a���BX���?D��m�8�QDp0�vKTr@Ym�2}I��4>�RP�y!�Fv#ӏ;�Kb+HJ7;$q8p+j5B��A�^�#:�cjrD�,?��t�UHE�/]^|�u�~8�.
dP����/�l&vf-�f3�\95�1E!�^x�r>&ƘKjxZ)ԔՒ|��Rӊ,w)]�dDo-71�j֘1h*B Uٜ�AK5.�*Z!Ѥ�F��Zj>A{�l�3#�lzZC ��JOk&p��Vi
˴�j�+mLxW8Ow|
v��F<㙛U(U8S7'E[Tx�vXj 1{xUG�'�G�2>n-&�~iX�z>H�'*t=jh�DӤJd�iHbX)ÿCX()r]?3|U-T"��8<�:{ba\S[��:8�G��F_
�6f^zgZQ1IG)}o
#b2z�ވ��qq5`G� =doX�{+$ʽO��g-�<�-RWld""@Ո��^�_�Ѿn?"?4;g};k�zxX�2dqsgD&#(�y;�}t#Ùה�蘱>9 C�O�
2pXg�0ϒb\b�@Ԑ0��د?<& .ycI�� �^yN4X+��MO_��zwb꾌���@�h),f,�]*B)|��>��|�+R0cE)%r��ux53n?".4W
)WT�x����s##vFC�dRu�>�1'}3�1h^^}!'+$'W6}:�_u.�9jud�o([urܽrҹh_^u.ƉL�_3me |Q);KFY�yfvʌPN{cͅfU�,xg��Y�^J>�Mm=���U6j�Uzq7
�&69�Cfuljŵ6�N�g5^L˒c:|j�O6~���V
�CpXmn8~�(�hO�u{qt/ڹFhR�3`dzP1+(MfFy�ʻ�-AQ~�O>'���NqY_i�VF9?t.2ʡ��{�_3��fy���,@��}3s�g�y�2zg(Q~
�dCyF9E^\d�EuwAt3O�K7C\�\f%�U��^�=�A֗�_sV99�@�r�3ڿ�\'I��73y�S�8G�\(_Je�YW@a uqQ^�}V.@y�J2,c/3\.��e{�%;[?�_;Vr]!,.%P�UZ«3/YSʹ�q �6
VD=VbM�dG,D<�mJ96�b�aOd_Ǿ7'%Y#ܻ�GznQ2
�oLg~�<'ԊR�nOArt_Ew�MAw0[W�/:)7}ӚܴOPv��<2kݫ++#B�Af_b
9)?'OxVfw�|�4;(�w�bi3Q
Q�5ýEY�R�W80׀�z90�׃>RqzPg�^U=
:!�ڳi>Y<+h�}s&pN!3J8?0�
H-M�ԳpNzR�?ѰsW�3@�t5^i{�@$~�;�,@�薉�$usgCJ�~+JR�#\!a`={���E\I0jP+W�&���K=#
��.=M^t f�5ϡ'�!�pA>fJ�C Dk(��x��xϲm}�
i�ۼx�[T�;i��~(�q X��pTB�Pcgq�
=q�
YI��5�?b{I�2hؐC�ؒ9N-=�1N>@O?ÙCg�HX&58W�!-7c�U�ݢQ�oM1<:,`�̀N5WЫ�ȹ&3b"�9�oє^\C�.�΅�
˗ X֭2�3x*8�"�"kH�"s�{D�|%ЄZ�sJ�dBM�'K�Ycӄ2�;W, {+2�_j
v.�E݉cE/u�o�a`a?�>V@Um��ÈkC�1,n�~ƠC)�evoZ`Mă�W�v,='�IDOj���ӦUMf@gQl(V^_?oo뭻+0
/R�^m
<}"1b9?���"ㅰxo!�qa�{-sD��?�>K:S1U1ւ�_�/gз�/;MzKV9j�(�(&�]�aьU%J^��T~3(H@%Gb9G8]!
MAE3`A�^|e�D$u'�
�FOf���C��>X�의f�eMc(ŬBCd��=�)O?7G[nI�\�k<>c�iЀΧ^p멎T�gU|��J6�A1^ΝE1�C2z
l|$_Oxª~Saxr=&���gsx���u-I�S`i<�r:���Y �)6--����`⎈Me��eZ:DR�*,Dl'f
,����~sf_[mr
xgs�f@DqD'Pvx�ml<^|:y-�E{�Ofu�ݎ2Jtmk�]!Kb��C>`mR>ŔK�
]'[٧3�й?-{�/��7�nJ7#D*~�X^c �0У,*0%9�-E6<]܈x~;ͺ�g�
f�k�OTx.XU\M)�S_7l\T�FE¶":q`xm;<�k{**l+k[ȁn�T�x�I;s�[__�@�>���{z��w!G[�0tcz7^=
�ɤ{%̅2 !δZxyU~ҥ�N�.I,g`aQd+8*)�ؐ��r���kp曥�3}"@a)5BLN7�So
3pRaL ��$b[и�<>t,Ss�Ϣq9v93E~R%L+DdzUN��Z
^cdX$֬-LE"�)s1�GN���=��`5>gvC{%�z1�w�nX�/t.&DW6K�5�4ƘbYy&���L�9�2lt*�
X>!ˣŬ"D0Ȯ��'Z:tsh;h�[3TBX6�c?t�f���@ý]�Nc*a7<#�/ah(�`y��jSSQ2��$Y"�:xqea�=�Vt*N�z/gvf?Pt/Is倇T34[��?;
�o:_a}BeFBl4*�·Y*�ң�WO�-)h,)Z�NN`��)Xfչ�C&ȕ/g�2F#�oU��AtMe�z'1l5mEg,3l�W'~ѥ;l'�uE^8�%܆mJPQ&s)#�M�Wj\)M�jS9Q��2kE�s+q�>tgLp�-�ͱeRZ`l/Z6v?�])��
|
Network Security & Hardware 
