ID

VAR-200403-0071


CVE

CVE-2004-0169


TITLE

Apple QuickTime/Darwin Streaming Server DESCRIBE Request Remote Denial of Service Vulnerability

Trust: 0.9

sources: BID: 9735 // CNNVD: CNNVD-200403-069

DESCRIPTION

QuickTime Streaming Server in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function. Apple QuickTime/Darwin Streaming Server fails to properly parse DESCRIBE requests containing overly large User-Agent fields. This could allow an unauthenticated, remote attacker to cause a denial-of-service condition. An unspecified vulnerability exists in Apple's Darwin Streaming Server. This issue was originally described in Apple Security Update 2004-02-23 Released To Fix Multiple Vulnerabilities (BID 9731). Apple QuickTime/Darwin are popular streaming servers. There is a problem when Apple QuickTime/Darwin parses the DESCRIBE request

Trust: 2.7

sources: NVD: CVE-2004-0169 // CERT/CC: VU#460350 // JVNDB: JVNDB-2004-000769 // BID: 9735 // VULHUB: VHN-8599

AFFECTED PRODUCTS

vendor: apple, model: darwin streaming server, scope: eq, version: 4.1.3

Trust: 1.9

vendor: apple computer, model: -, scope: -, version: -

Trust: 0.8

vendor: アップル, model: darwin streaming server, scope: eq, version: 4.1.3

Trust: 0.8

vendor: アップル, model: darwin streaming server, scope: eq, version: -

Trust: 0.8

vendor: apple, model: quicktime streaming server, scope: eq, version: 4.1.3

Trust: 0.3

sources: CERT/CC: VU#460350 // BID: 9735 // JVNDB: JVNDB-2004-000769 // CNNVD: CNNVD-200403-069 // NVD: CVE-2004-0169

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0169
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#460350
value: 1.68

Trust: 0.8

NVD: CVE-2004-0169
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200403-069
value: MEDIUM

Trust: 0.6

VULHUB: VHN-8599
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-0169
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-8599
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#460350 // VULHUB: VHN-8599 // JVNDB: JVNDB-2004-000769 // CNNVD: CNNVD-200403-069 // NVD: CVE-2004-0169

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2004-000769 // NVD: CVE-2004-0169

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200403-069

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200403-069

PATCH

title: lists.apple.com (msg00000), url: https://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html

Trust: 0.8

sources: JVNDB: JVNDB-2004-000769

EXTERNAL IDS

db: NVD, id: CVE-2004-0169

Trust: 3.6

db: CERT/CC, id: VU#460350

Trust: 3.3

db: BID, id: 9735

Trust: 2.8

db: OSVDB, id: 6826

Trust: 1.7

db: OSVDB, id: 6837

Trust: 1.7

db: JVNDB, id: JVNDB-2004-000769

Trust: 0.8

db: CNNVD, id: CNNVD-200403-069

Trust: 0.7

db: IDEFENSE, id: 20040223 DARWIN STREAMING SERVER REMOTE DENIAL OF SERVICE VULNERABILITY

Trust: 0.6

db: APPLE, id: APPLE-SA-2004-02-23

Trust: 0.6

db: XF, id: 15291

Trust: 0.6

db: VULHUB, id: VHN-8599

Trust: 0.1

sources: CERT/CC: VU#460350 // VULHUB: VHN-8599 // BID: 9735 // JVNDB: JVNDB-2004-000769 // CNNVD: CNNVD-200403-069 // NVD: CVE-2004-0169

REFERENCES

url:http://www.securityfocus.com/bid/9735

Trust: 2.5

url:http://www.kb.cert.org/vuls/id/460350

Trust: 2.5

url:http://www.idefense.com/application/poi/display?id=75&type=vulnerabilities

Trust: 2.5

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15291

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2004/feb/msg00000.html

Trust: 1.7

url:http://www.osvdb.org/6826

Trust: 1.7

url:http://www.osvdb.org/6837

Trust: 1.7

url:http://www.idefense.com/application/poi/display?id=75

Trust: 0.8

url:http://www.apple.com/support/security/security_updates.html

Trust: 0.8

url:http://www.ietf.org/rfc/rfc2326.txt

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2004-0169

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/15291

Trust: 0.6

url:/archive/1/355011

Trust: 0.3

sources: CERT/CC: VU#460350 // VULHUB: VHN-8599 // BID: 9735 // JVNDB: JVNDB-2004-000769 // CNNVD: CNNVD-200403-069 // NVD: CVE-2004-0169

CREDITS

iDEFENSE

Trust: 0.6

sources: CNNVD: CNNVD-200403-069

SOURCES

db: CERT/CC, id: VU#460350
db: VULHUB, id: VHN-8599
db: BID, id: 9735
db: JVNDB, id: JVNDB-2004-000769
db: CNNVD, id: CNNVD-200403-069
db: NVD, id: CVE-2004-0169

LAST UPDATE DATE

2024-08-14T12:37:31.713000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#460350, date: 2004-03-15T00:00:00
db: VULHUB, id: VHN-8599, date: 2017-10-10T00:00:00
db: BID, id: 9735, date: 2015-03-19T08:17:00
db: JVNDB, id: JVNDB-2004-000769, date: 2024-05-30T06:37:00
db: CNNVD, id: CNNVD-200403-069, date: 2005-05-13T00:00:00
db: NVD, id: CVE-2004-0169, date: 2017-10-10T01:30:18.593

SOURCES RELEASE DATE

db: CERT/CC, id: VU#460350, date: 2004-02-25T00:00:00
db: VULHUB, id: VHN-8599, date: 2004-03-15T00:00:00
db: BID, id: 9735, date: 2004-02-24T00:00:00
db: JVNDB, id: JVNDB-2004-000769, date: 2024-05-30T00:00:00
db: CNNVD, id: CNNVD-200403-069, date: 2004-02-24T00:00:00
db: NVD, id: CVE-2004-0169, date: 2004-03-15T05:00:00