Full Disclosure mailing list archives
Re: R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
From: northern snowfall <dbailey27 () ameritech net>
Date: Wed, 23 Jul 2003 00:41:23 -0500
If somebody can send you a low-bandwidth stream of packets that make your server work WAY too hard, so that the expensive server that's supposed to be handling 500 simultaneous clients is dropping users at 75, it's a security issue.
Yeh. I actually wrote an exploit for a condition similar to this, recently. The DoS condition was a remote vulnerability that led to 100% CPU usage for a period of approximately 6 minutes in length before a time-out occurred.
After this time-out, I was easily able to perpetuate the DoS condition with another, specially crafted, packet. In correlation with this vulnerability I maintained a bit walk (coined by a friend?) technique on an exploit that needed approximately fourteen minutes to determine a proper return address. Since the exploit triggered some pretty obvious noise any admin could see, the DoS condition kept any admin from logging in either locally or via console. This led to success. That's just a nice example of how DoS can actually be of some functional use in a given threat vector. More obvious examples would be hijacking conditions.
Don
http://www.7f.no-ip.com/~north_
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html