
May 10th, 2007

Apple plugs critical holes in Darwin Streaming Server

Posted by Ryan Naraine @ 3:17 pm

Categories: Apple, Browsers, Data theft, Exploit code, Hackers, Metasploit, Open source, Patch Watch, Pen testing, Privacy, Responsible disclosure, Vulnerability research, Zero-day attacks

Tags: Apple Computer Inc., Attacker, Open Source, Server, Buffer-overflow, Ryan Naraine

Apple has released a new version of the open-source Darwin Streaming Server to plug a pair of security flaws that could lead to code execution attacks.

The more serious of the two bugs — a stack buffer overflow in the Darwin Streaming Proxy — could allow a remote attacker to use maliciously crafted RTSP requests to execute arbitrary code.

The second issue was also identified in the Darwin Streaming Proxy. It is described as a heap buffer overflow that could allow a remote attacker to cause an unexpected application crash or the execution of harmful code.

iDefense's VCP, which buys the rights to vulnerability information, is credited with reporting both flaws to Apple.

The Darwin Streaming Server is the open-source version of Apple's QuickTime Streaming Server technology. It is used to send streaming media to clients across the Internet using the RTP and RTSP protocols.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.


