Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.11278
Category:Gain a shell remotely
Title:Quicktime/Darwin Remote Admin Exploit
Summary:Cross site scripting, buffer overflow and remote command; execution on QuickTime/Darwin Streaming Administration Server.
Description:Summary:
Cross site scripting, buffer overflow and remote command
execution on QuickTime/Darwin Streaming Administration Server.

Vulnerability Insight:
This is due to parsing problems with per script:

parse_xml.cgi.

The worst of these vulnerabilities allows for remote command execution usually as root
or administrator.

These servers are installed by default on port 1220.

Solution:
Obtain a patch or new software from Apple or block this port (TCP 1220) from internet access.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 6954
BugTraq ID: 6955
BugTraq ID: 6956
BugTraq ID: 6957
BugTraq ID: 6958
BugTraq ID: 6960
BugTraq ID: 6990
Common Vulnerability Exposure (CVE) ID: CVE-2003-0050
@stake Security Advisory: A032403-1
http://www.securityfocus.com/bid/6954
Bugtraq: 20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=104618904330226&w=2
http://www.iss.net/security_center/static/11401.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0051
http://www.securityfocus.com/bid/6956
http://www.iss.net/security_center/static/11402.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0052
http://www.securityfocus.com/bid/6955
http://www.iss.net/security_center/static/11403.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0053
http://www.securityfocus.com/bid/6958
http://www.iss.net/security_center/static/11404.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0054
http://www.securityfocus.com/bid/6960
http://www.iss.net/security_center/static/11405.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0055
http://www.securityfocus.com/bid/6957
http://www.iss.net/security_center/static/11406.php
CopyrightCopyright (C) 2005 Michael Scheidell

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.