Apple has updated its open-source Darwin Streaming Server to fix two critical security holes that can allow a remote attacker to hijack the server.
Darwin is an open-source version of Apple’s QuickTime Streaming Server that enables users to send streaming media to clients across the Internet using the industry standard RTP and RTSP protocols. It’s based on the same code as QuickTime Streaming Server and runs on a variety of platforms.
The first hole fixed in DSS 5.5.5, downloadable here, is a stack buffer overflow in the Darwin Streaming Proxy. Its CVE ID is CVE-2007-0749. An attacker can trigger the overflow by sending specially crafted RTSP requests, after which he or she can remotely execute code on the victimized system. The update fixes the overflow vulnerability with additional validation of such requests.
The second hole, a heap buffer overflow, is also triggered by a maliciously crafted RTSP request, and can also allow an attacker to remotely execute code. This second hole, CVE-ID: CVE-2007-0748, has also been remedied with additional validation of RTSP requests.
