Apple QuickTime RTSP "Content-Type" Header Buffer Overflow

Discussion in 'other security issues & news' started by ronjor, Dec 3, 2007.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    Secunia
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Interesting comment:

    http://blogs.zdnet.com/security/?p=697&tag=nl.e589
    This should not be taken to pick on just Apple, but to show that any piece of software is potentially subject to abuse. Microsoft is no longer the only player in the hot seat.

    Usual vector of attack:

    http://secunia.com/advisories/27755/
    A friend emailed last night that a check of all known exploit sites showed they were adult web sites. So far the attack's goal is the usual:

    http://www.computerworld.com/action...asic&articleId=9050478&source=NLT_VVR&nlid=37
    ----
    rich
     
  3. Dogbiscuit

    Dogbiscuit Guest

    Would disabling plugins prevent an attack through the browser?
     
    Last edited by a moderator: Dec 9, 2007
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    NoScript is your friend ;)
     
  6. Dogbiscuit

    Dogbiscuit Guest

    Thanks for the link Rmus. I didn't realize there were so many ways to help mitigate against the vulnerability.
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    You are welcome.

    You will notice that most of the solutions end up disabling QT or its functions.

    Before thinking about employing a "work-around" solution, I consider:

    1) the likelihood of encountering the exploit

    2) what the exploit actually is

    For 1) I noted in an above post the sources of the malicious files, and determined that I and users I help wouldn't be in that territory.

    For 2) I noted what the work-around solutions actually accomplished:

    The vulnerability lets the exploit download/install an executable by remote code execution -- easily prevented by currently installed security -- in effect blocking the attack.

    Conclusion: workaround solution not necessary in my case.

    The same approach can apply to numerous such file-type exploits, such as .pdf, .doc.

    Most of the time, to get relevant information, you have to dig further than the initial press release, which usually doesn't give many technical details of the exploit.

    It may be that one doesn't have to take drastic measures: just have careful user policies in place and security that prevents the particular exploit payload.

    This suffices until a patch is released.


    ----
    rich
     