ID

VAR-200303-0097


CVE

CVE-2003-0050


TITLE

Apple QuickTime/Darwin Streaming Server parse_xml.cgi Remote Command Execution Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200303-039

DESCRIPTION

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.

A command execution vulnerability has been discovered in the Darwin/QuickTime Streaming Servers. The vulnerability exists due to insufficient sanitization performed on some user-supplied input. An attacker can exploit this vulnerability by submitting to the parse_xml.cgi application a specially crafted string that includes malicious shell commands. These commands, when received by the Streaming Administration Servers, will be executed and may be used to compromise a vulnerable system. By default, these services listen on port 1220/TCP with root user privileges.

The Darwin/QuickTime streaming server does not adequately sanitize user-submitted input. The Darwin stream management server relies on the parse_xml.cgi application to authenticate and interact with the user. This CGI is written in Perl and passes the input directly to the open() function without sufficient processing. When a pipe ('|') character is inserted into the input, it can cause the open() function to execute the embedded command, and the parameters can be submitted to the CGI through a GET request. The new version of the Darwin stream management server provides partial filtering, but inserting NULL characters between the last character of the command and the pipe bypasses the check and executes arbitrary commands on the system with the privileges of the stream server process.

Trust: 1.26

sources: NVD: CVE-2003-0050 // BID: 6954 // VULHUB: VHN-6880

AFFECTED PRODUCTS

vendor: apple // model: darwin streaming server // scope: eq // version: 4.1.2

Trust: 1.9

vendor: apple // model: quicktime streaming server // scope: eq // version: 4.1.1

Trust: 1.6

sources: BID: 6954 // CNNVD: CNNVD-200303-039 // NVD: CVE-2003-0050

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0050
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200303-039
value: HIGH

Trust: 0.6

VULHUB: VHN-6880
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-0050
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-6880
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-6880 // CNNVD: CNNVD-200303-039 // NVD: CVE-2003-0050

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0050

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200303-039

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200303-039

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-6880

EXTERNAL IDS

db: BID // id: 6954

Trust: 2.0

db: NVD // id: CVE-2003-0050

Trust: 2.0

db: CNNVD // id: CNNVD-200303-039

Trust: 0.7

db: BUGTRAQ // id: 20030224 QUICKTIME/DARWIN STREAMING ADMINISTRATION SERVER MULTIPLE VULNERABILITIES

Trust: 0.6

db: XF // id: 11401

Trust: 0.6

db: PACKETSTORM // id: 84525

Trust: 0.1

db: SEEBUG // id: SSVID-71386

Trust: 0.1

db: EXPLOIT-DB // id: 16891

Trust: 0.1

db: VULHUB // id: VHN-6880

Trust: 0.1

sources: VULHUB: VHN-6880 // BID: 6954 // CNNVD: CNNVD-200303-039 // NVD: CVE-2003-0050

REFERENCES

url: http://www.securityfocus.com/bid/6954

Trust: 1.7

url: http://lists.apple.com/archives/security-announce/2003/feb/25/applesa20030225macosx102.txt

Trust: 1.7

url: http://www.iss.net/security_center/static/11401.php

Trust: 1.7

url: http://marc.info/?l=bugtraq&m=104618904330226&w=2

Trust: 1.1

url: http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2

Trust: 0.6

url: http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

url: -

Trust: 0.1

sources: VULHUB: VHN-6880 // BID: 6954 // CNNVD: CNNVD-200303-039 // NVD: CVE-2003-0050

CREDITS

Dave G. <daveg@atstake.com>, Ollie Whitehouse <ollie@atstake.com>

Trust: 0.6

sources: CNNVD: CNNVD-200303-039

SOURCES

db: VULHUB // id: VHN-6880
db: BID // id: 6954
db: CNNVD // id: CNNVD-200303-039
db: NVD // id: CVE-2003-0050

LAST UPDATE DATE

2024-08-14T12:11:05.361000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-6880 // date: 2016-10-18T00:00:00
db: BID // id: 6954 // date: 2009-07-11T20:06:00
db: CNNVD // id: CNNVD-200303-039 // date: 2005-05-13T00:00:00
db: NVD // id: CVE-2003-0050 // date: 2016-10-18T02:28:47.657

SOURCES RELEASE DATE

db: VULHUB // id: VHN-6880 // date: 2003-03-07T00:00:00
db: BID // id: 6954 // date: 2003-02-24T00:00:00
db: CNNVD // id: CNNVD-200303-039 // date: 2003-02-24T00:00:00
db: NVD // id: CVE-2003-0050 // date: 2003-03-07T05:00:00