Family: CGI abuses --> Category: infos
Quicktime/Darwin Remote Admin Exploit Vulnerability Scan
Vulnerability Scan Summary: Checks Quicktime/Darwin server for parse_xml.cgi
Detailed Explanation for this Vulnerability Test
The remote host is running Apple QuickTime Streaming Server.
There are multiple flaws in this version:
* Remote code execution vulnerability (by default with root rights)
* 2 Cross Site Scripting vulnerabilities
* Path Disclosure vulnerability
* Arbitrary Directory listing vulnerability
* Buffer overflow in MP3 broadcasting module
See:
http://www.atstake.com/research/advisories/2003/a022403-1.txt
Solution: Install patches from Apple or disable access to this service.
Threat Level: High