toggle

AAPL Stock: 102.5 ( + 0.25 )

Printed from http://www.macnn.com

'Month of bugs' reveals QuickTime exploit

updated 01:10 pm EST, Tue January 2, 2007

'Month of bugs' exploit

A security analyst who elected to kick off the new year with one month of Apple bugs has published the first flaw -- which resides in Apple's QuickTime software. A new post states that a vulnerability in the QuickTime rstp URL handler could allow malicious users to remotely execute code via a stack-based buffer overflow. "By supplying a specially crafted string, an attacker could overflow a stack-based buffer, using either HTML, Javascript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition," the anonymous security expert wrote. The example exploit, which requires a working Ruby interpreter, creates a QTL file that users can open locally or that is served remotely via a Web server. The poster notes that while the sample exploit itself is trivial in nature, the code could easily be modified to use shell code. The author also notes that the only known workaround for Mac users is to disable the rtsp:// URL handler or uninstall QuickTime entirely.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. fritzw1957

    Joined: Dec 1969

    0

    I suspect...

    a Security Update forthcoming from Apple. While Apple hasn't always been fast at releasing some updates, they will probably address this "bug" soon enough.

  1. sixcolors

    Joined: Dec 1969

    0

    Bug reporter

    I generally publish stuff like this to apple's beg reporter. That way it gets fixed. All this does is give those who would actually do something malicious the methods to do so.

    Why do I take this stance? Well it's simple. People who use exploits on the general public are idiots. They do not have the ability to find actual security flaws and exploit them. They require someone else to find them, publish them and they then follow directions.

    I'll stick to being constructive instead of being an egomaniacal a**.

  1. smittie

    Joined: Dec 1969

    0

    Exploitation indeed

    The real exploitation here is LHM. LHM seeks to exploit the media in order to gain his fifteen minutes of fame. Whether LHM wants to prove that he is L33t and pwnz u or wants to get someone's attention so that they will give him a job or some other goal, it is still plain and simple exploitation of the media.

    It would be interesting to find out if any of the things that LHM will tell us about over the next 29 days are actually orginal. I suspect not.

    In the end, as sixcolors has already pointed out, mature software engineers report bugs and security issue through established bug reporting systems so that the bugs can get fixed. Children and those with ego issues do other things.

    Enjoy the spotlight LHM. I hope you find what you're really looking for.

    Smittie

  1. t6hawk

    Joined: Dec 1969

    0

    A security analyst?

    This guy shouldn't be called a security analyst. Real analysts use their names.

  1. smittie

    Joined: Dec 1969

    0

    Hum?

    Someone smarter than me needs to look into this further but it appears to be that LHM's first security issue is either known by Apple or has already been fixed. The following quote is from this page on Apple's support site:

    "QuickTime Streaming Server

    CVE-ID: CVE-2006-1456

    Available for: Mac OS X Server v10.3.9, Mac OS X Server v10.4.6

    Impact: Maliciously-crafted RTSP requests may lead to crashes or arbitrary code execution

    Description: By carefully crafting an RTSP request, an attacker may be able to trigger a buffer overflow during message logging. This may lead to the arbitrary code execution with the privileges of the QuickTime Streaming Server. This update adresses the issue by properly handling the boundary conditions. Credit to the Mu Security research team for reporting this issue."

    Is this not the same issue that LHM claims to be reporting??

  1. smittie

    Joined: Dec 1969

    0

    RE: Hum?

    Sorry. The url didn't post. It is:

    http://docs.info.apple.com/article.html?artnum=303737

    Smittie

  1. smittie

    Joined: Dec 1969

    0

    RE: Hum?

    I suppose the unique aspect that LHM is reporting is that the rtsp request affects not only QTSS but QuickTime client as well.

  1. mgpalma

    Joined: Dec 1969

    0

    yawn

    I can't wait to see what's next.

  1. williamdrover

    Joined: Dec 1969

    0

    aaaarghh

    Actually ther 'bug' is that I watched a movie of this 'analyst's' mother in Quictime and it made me smash my face through my monitor in horror, thus rendering the entire computer useless. It's way more serious than he leads you to believe!

  1. Rosyna

    Joined: Dec 1969

    0

    Already a fix...

    There's already a fix for it available at http://www.unsanity.org/archives/mac_os_x/the_month_of_trolly_trolls_and.php

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Kanex KTU10 Thunderbolt to USB 3.0 and eSATA

Apple has never been shy about funky ports -- first it was Apple Desktop Bus, and its own DIN-8 serial port. Following that came FireW ...

Logitech Hyperion Fury mouse

Selecting the correct gaming mouse comes down to finding a device that balances the needs of a user with a price they can afford. Ofte ...

Life n Soul BM211 Bluetooth speaker

Bluetooth speakers aren't only for listening to some music at the park or on a long bus ride, but can also be built with tablets in m ...

toggle

Most Commented