
CERT Coordination Center

Apple QuickTime/Darwin Streaming Server integer overflow in MP3Broadcaster utility

Vulnerability Note VU#148564

Original Release Date: 2003-12-23 | Last Revised: 2003-12-23

Overview

Apple's QuickTime and Darwin Streaming Server (DSS) package includes a utility called MP3Broadcaster. This utility contains an integer overflow which may be exploited to cause a denial of service.

Description

Apple's QuickTime and Darwin Streaming Server is software which provides integrated distribution of various forms of digital content. Such content can be delivered over a network using Real-Time Transport Protocol (RTP) and Real-Time Streaming Protocol (RTSP). Streaming media content can include files encoded in QuickTime, MPEG, and MP3 formats. A utility package called MP3Broadcaster contains an integer overflow vulnerability. Like buffer overflows, an integer overflow may be exploited to cause affected software to crash. Under certain circumstances, an integer overflow has the potential to allow an attacker to execute arbitrary code, but in this case that does not appear to be possible.

The integer overflow in MP3Broadcaster in DSS 4.1.3 is triggered when parsing malformed ID3 tags within crafted MP3 files. This vulnerability only has the potential to be exploited by remote attackers if they can get vulnerable servers to parse malicious MP3 files (i.e., by uploading a file).
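As an added illustration (not Apple's code, and not the actual MP3Broadcaster defect, whose exact field this note does not describe), the pattern below shows how a 32-bit frame-size field in an ID3v2.3 tag can wrap a length check, beside the overflow-safe form of the same check; the frame bytes are constructed.

```c
/* Constructed example: integer wraparound in an ID3v2.3 frame length check. */
#include <stdint.h>
#include <stdio.h>

#define ID3_FRAME_HDR 10u  /* 4-byte id, 4-byte size, 2-byte flags */

/* ID3v2.3 frame sizes are plain 32-bit big-endian (not syncsafe). */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Vulnerable pattern: off + header + size is computed in 32 bits and can
 * wrap, so a huge attacker-controlled size passes the bound check.
 * Returns 1 when the frame is accepted. */
int frame_accepted_unsafe(const uint8_t *tag, uint32_t tag_len, uint32_t off) {
    if (off + ID3_FRAME_HDR > tag_len) return 0;
    uint32_t size = be32(tag + off + 4);
    uint32_t end = off + ID3_FRAME_HDR + size;   /* may wrap around */
    return end <= tag_len;
}

/* Hardened pattern: compare against the known-good remaining length
 * instead of adding to the untrusted size, so no wrap is possible. */
int frame_accepted_safe(const uint8_t *tag, uint32_t tag_len, uint32_t off) {
    if (off > tag_len || tag_len - off < ID3_FRAME_HDR) return 0;
    uint32_t size = be32(tag + off + 4);
    uint32_t remaining = tag_len - off - ID3_FRAME_HDR;
    return size <= remaining;
}

/* Constructed frame "TIT2" claiming size 0xFFFFFFF8 with only 8 payload bytes. */
static const uint8_t bad_frame[] = {
    'T','I','T','2', 0xFF,0xFF,0xFF,0xF8, 0x00,0x00, 'a','b','c','d','e','f','g','h'
};
/* Constructed benign frame "TIT2" with size 8. */
static const uint8_t good_frame[] = {
    'T','I','T','2', 0x00,0x00,0x00,0x08, 0x00,0x00, 'a','b','c','d','e','f','g','h'
};

int main(void) {
    printf("bad frame: unsafe=%d safe=%d\n",
           frame_accepted_unsafe(bad_frame, sizeof bad_frame, 0),
           frame_accepted_safe(bad_frame, sizeof bad_frame, 0));
    return 0;
}
```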

Impact

Exploitation of this vulnerability may lead to denial of service.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Ensure that unauthenticated remote broadcasts are disabled.

Vendor Information


CVSS Metrics


References

Acknowledgements

Sir Mordred reported this vulnerability in several public forums.

This document was written by Jeffrey S. Havrilla.

Other Information

CVE IDs: None
Severity Metric: 4.69
Date Public: 2003-05-22
Date First Published: 2003-12-23
Date Last Updated: 2003-12-23 16:01 UTC
Document Revision: 10

Sponsored by CISA.