Print this article  |  E-mail this article  |  Comment on this article

New QuickTime exploit triggers the same old stack overflow

By Scott M. Fulton, III, BetaNews

November 26, 2007, 4:18 PM

It would appear a January fix that supposedly protects against malformed URLs to the RTSC protocol of Apple's QuickTime wasn't a complete fix after all.

The US-CERT office of the Dept. of Homeland Security confirmed this morning that an intentionally malformed header sent to the Real Time Streaming Protocol handler of Apple's QuickTime for Windows, and presumably for Mac OS as well, will cause a familiar stack buffer overflow problem that could be exploitable from the outside.

A similar problem was addressed by Apple last January, when a patch was issued to guard against intentionally malformed URLs sent through RTSP protocol to QuickTime. But now the problem appears to involve overflowing the message header - not the URL to which the message is directed - with garbage characters at the end.

Publicly available exploit code revealed by US-CERT appears to indicate that when the tail end of an otherwise properly parsed RTSP message is padded with garbage characters rather than with an empty line (as indicated by the IETF's description of RTSP), a stack overflow condition is triggered.

It's a different attack vector, but the same one triggered by the URL overflow discovered last January by security researcher Lance M. Havok. That month, Havok simultaneously released bulletins on 31 Mac OS and QuickTime-related exploits, in what he called "The Month of Apple Bugs."

US-CERT has not mentioned that it's been made aware of any public instances of a version of this exploit in the wild.

Add a Comment (36 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By mjm01010101

edited Nov 28, 2007 - 2:12 AM

Dumping Quicktime permanently is the solution.
http://secunia.com/product/5090/?task=statistics

It's a media player. It plays files that basically should be simple formats. This isn't rocket science folks. If your media application can't handle basic media formats, you need to stop using it.

I dumped Quicktime, QT lite/alternative/whatever and haven't looked back.

Score: 0

By flibberyGiveIt

posted Nov 27, 2007 - 2:22 PM

So Apple's fix to the stack over flow was to
just truncate the data sent to the stack from
that one source and ignore the actual problem
which is a stack that can overflow.

Jeeze, that's the kind of thing _I_ would do.

Score: 0

By caronn

posted Nov 27, 2007 - 4:58 AM

I stopped using Apple QuickTime libraries. They have a lot of security flaws!

Score: 0

By pitdingo

edited Nov 27, 2007 - 8:23 AM

If you are that worried about security flaws, why are you on the internet? Why do you use a computer?

Funniest thing is, i bet you are using a M$ Windows based computer. You see things like this pretty much every day...
http://www.theregister.c.../wpad_vuln_investigated/

Score: 0

By mjm01010101

posted Nov 28, 2007 - 2:08 AM

It's a media player. It's not like a browser that deals with 40 different LANGUAGES let alone boundary bugs. It plays simple, static files with known elements. I'd expect maybe 1-2 vulns a year? Max of three, like Windows Media seems to be getting? How about Media player classic? not too many. Apple is getting 15+ a year, it's patch mechanism frequently requires an uninstall, install, reboot, taking a good 10 minutes on modern machines. Yikes. Sad.

Score: 0

By SGD

posted Nov 27, 2007 - 9:16 AM

Why not use Windows pitdingo it is the leader in case you missed that. What is the market penetration of your loved Mac something like 3% of the market. I'll stick with Windows Vista thank you.

Score: 0

By PhoenixPath

posted Nov 27, 2007 - 9:32 AM

Heh...

Windows is clearly better. It's sales prove it. Unlike Macs, who's sales pale in comparison.

We all know sales=quality, otherwise pitdingo wouldn't be able to slam the Zune (having never actually used one).

Score: 0

By ZenWarrior

posted Nov 27, 2007 - 5:18 PM

Sales = Quality?

Not much of a history student, eh?

Score: 0

By PC_Tool

posted Nov 28, 2007 - 10:17 PM

WOOOOSH!

Score: 0

By pitdingo

posted Nov 27, 2007 - 10:30 AM

I slam the Zune simply because it is horrible. The hardware design is worse than the ipod and the software is nothing next to iTunes.

here is a good read...

http://www.roughlydrafte...s-zune-is-still-failing/

Score: 0

By PhoenixPath

posted Nov 27, 2007 - 12:04 PM

You wouldn't know, of course, as you've never so much as glanced at one, much less used one.

Listening to your opinions on this product is like listening to a Polar bear b**** about the weather in Tahiti.

Score: 0

By SGD

posted Nov 27, 2007 - 11:57 AM

Both the ipod and Itunes blow what are you talking about.

Score: 0

By Paul Skinner

posted Nov 26, 2007 - 6:21 PM

Ok, normally I wouldn't comment on a singular security flaw (unless it's a blindingly obvious one) in a program.

This time I am:

A. It's the second or third time it's going to be patched
B. Apple's stance on this sort of thing

I would, without shadow of a doubt, purchase a Macintosh computer if it weren't for the sheer arrogance of the company and it's 'followers'.

Every software has bugs and security holes but taking a cheap shot at a rival company with adverts suggesting your have better software that is more secure when
A. they own a sizeable chunk of you, and
B. if they hadn't supplied you with the support they did at the start you wouldn't be anywhere near what you are today
is unacceptable.

Something has to change. Either they do produce flawless products, or they stop being so arrogant.

Score: 0

By PC_Tool

posted Nov 26, 2007 - 10:27 PM

I really don't think Steve and Bill are on that uneasy of terms. Hell, they probably still conference call on a weekly basis.

The marketing is just that. I'd not be quick to assume either company is taking it personally.

They are good ads. Even to those who know better, if they at least have a sense of humor, they are entertaining.

Score: 0

By BeyondYourFrontDoor

posted Nov 26, 2007 - 11:56 PM

The last few haven't been as funny... I'm on the fence... a few more funny ads and I'll buy an iMac. They already got me on the iPod Touch - the most fun gadget I've owned in a while.

Score: 0

By mjm01010101

posted Nov 28, 2007 - 2:10 AM

At least we still know the RDF works. I was wondering there for a sec.

Score: 0

By Bogunch

posted Nov 27, 2007 - 10:02 AM

...the most fun gadget I've owned in a while.

Really! That other thing has been down there your whole life!!!!

Score: 0

By PC_Tool

posted Nov 27, 2007 - 12:35 AM

I dunno. The one where he's got the PR chick is pretty good.

Score: 0

By pitdingo

posted Nov 26, 2007 - 6:34 PM

A. M$ does not own a sizable chunk of Apple. Please provide a reference...

B. Whether M$ support of Apple way back when kept Apple alive is debatable. I tend to lean more towards the return of Steve Jobs in 1997 as being what kept Apple alive.

Who says Apple makes flawless products? I think you are confused.

Score: 0

By PC_Tool

posted Nov 26, 2007 - 10:18 PM

Circa 1997:

Microsoft, the world's largest software company, is buying $150 million in Apple company stock.
This means Microsoft will be an Apple shareholder and will make money on this stock if Apple prospers and will lose money if Apple takes a dive. But Microsoft won't have the right to vote at Apple's annual meeting and won't get any official say in how Apple is run.
Apple and Microsoft will share each other's ideas on how to make software. They'll use the same code for the wildly successful Java programming language -- a big plus for anyone who wants to make sure Java code will work on the World Wide Web.

That last bit about Java is especially amusing...

Score: 0

By pitdingo

posted Nov 27, 2007 - 8:01 AM

Again, $150 million is not a "sizable" chunk of Apple.

Score: 0

By xyzcb1

edited Nov 27, 2007 - 10:25 AM

You moron. $150 millions is sizable back in 1997 when AAPL was around $5 (split adjusted) with market cap around $4.5 billions. That mean that $150 million is 3.5% of total share outside.

In translation, that mean that $150 millions is not worth $5.25 billions

Score: 0

By Jordanr05

posted Nov 27, 2007 - 3:41 PM

Not that I'm defending that pitdingo moron in any way, but the shares were convertible preferred (non-voting) stock. Now MS did convert them to a large quantity of common shares, but then sold them off for a profit. Just google it to see the details. They still have a small stake in some funds, but nothing like they had in 1997.

But I'm definitely in the "MS helped out Apple at the start big-time" group.

Score: 0

By PhoenixPath

posted Nov 27, 2007 - 9:30 AM

I believe it's been posted, but it is widely believed that Apple could very well have not survived (at least not in any way close to what it is now) without Microsoft's help.

Sure, it's pennies now, but when they were hurting in '97, it was enough to keep them from the brink. (Not to mention the effects of having Bill/MS on the board)

Score: 0

By Jordanr05

edited Nov 27, 2007 - 3:46 PM

Definitely true - their $150 million contribution to Apple's capital definitely helped out.

I'm impartial to either company, but facts are facts.

Score: 0

By alphatrigon

posted Nov 26, 2007 - 7:20 PM

http://www.pcworld.com/a...156-page,1/article.html

how much was what back then for percentages? I'm sure at that time, that's a sizable chunk, since they would have been nonexistant without MS...or maybe like the commodore 64 some people still use.

heehee

btw, Apple keeps saying it's flawless..."it just works" and "does not get viruses". You can try to rework that anyway you like...have fun

Score: 0

By pitdingo

edited Nov 26, 2007 - 10:17 PM

$150 million really is not all that much money dude. Apple survived due to one reason: Steve Jobs.

Have fun making up things. Apples do "just work". Show me where Apple says they do not get viruses? Have fun finding that one... lol

http://www.youtube.com/watch?v=ZRAUlK8_2VE

Score: 0

By alphatrigon

edited Nov 27, 2007 - 4:56 PM

IF you are saying what Apple says in it's ads is not what it's saying, than I understand why you are in such denial, thought I don't really know logistically why you would stick to it

http://en.wikipedia.org/wiki/Get_a_Mac
The whole ad campaign is bout the above, you can watch their ads and hear it, but maybe to many it means something entirely different to you.

Vista just works for me too, so does XP.

http://www.asa.org.uk/as...Public/TF_ADJ_42723.htm

Maybe just maybe you missed out on their no virus claim, because they stopped claiming it...but they did claim it.

also enjoy this youtube...
http://www.youtube.com/watch?v=GQb_Q8WRL_g

Score: 0

By PC_Tool

edited Nov 26, 2007 - 10:23 PM

Apples do "just work".

Kindly allow me to direct your attention to:

http://www.appledefects.com/

For the most part they do "just work". But for many, they "just don't". Funny that. Apparently there is no such thing as a PC-based product that "just works" for everyone.

{Edit:} ...and you can say $150mil wasn't hat much, but according to many of the websites from the era and much of the commonly held beliefs now, Apple could very well have bitten the dust had Microsoft not agreed to help them out.

Not saying it was a good idea for ol' Jobsy, but...

Score: 0

By pitdingo

posted Nov 27, 2007 - 8:07 AM

depends how you define: "Just works". My Apple works just fine. Just like your M$ Vista might "just work" for you.

Score: 0

By PhoenixPath

posted Nov 27, 2007 - 9:27 AM

Sure.

But saying "It just works" without following it up with, "for me" implies otherwise, which is, after all, the entire point of that marketing campaign.

{sarcasm}
And we all know you wouldn't parrot someone else's opinions or market-speak unless you knew what it meant, right?
{/sarcasm}

Score: 0

By Niro

posted Nov 26, 2007 - 11:02 PM

I wouldn't expect Pit to undetand...1997 is WAY before his time...he was only allowed to get on the internet sometime this year.

Score: 0

By pitdingo

posted Nov 27, 2007 - 8:02 AM

Likewise, i would not expect the illiterate M$ drone trolls on here to understand.

Score: 0

By SGD

posted Nov 27, 2007 - 9:20 AM

You are the troll pit.

Score: 0

By PC_Tool

posted Nov 27, 2007 - 12:34 AM

lmao...

Score: 0

By alphatrigon

posted Nov 26, 2007 - 4:26 PM

1st! Lies!!! Apple says it's perfect and just works!!!! Gotz ta be true...so resounds all their sheep. hehe...of course I don't believe the commercials, but they are entertaining in that amusing "special child" sort of way. ;)

Score: 0

Dec 5 - 1:45 AM ET Shazam: eight million songs of the eternal Now

Dec 4 - 7:30 PM ET Comcast to offer bandwidth consumption monitor

Dec 4 - 5:37 PM ET Counterfeiters sing the 'Blue' as Microsoft lawyers up

Dec 4 - 4:40 PM ET Opera 10 alpha shows off new Presto rendering engine

Dec 4 - 2:29 PM ET Apple: Psystar clone-maker is working with unnamed collaborators

Dec 4 - 2:21 PM ET Windows Live rollout sketchy, team apologizes

Dec 4 - 2:20 PM ET Stinging from a revenue shortfall, Adobe to shed workers

Dec 4 - 11:47 AM ET The storm hits AT&T, with a five-digit headcount reduction

Dec 4 - 11:42 AM ET TV sports adopts Web coverage, plays with iPhones

Dec 4 - 11:24 AM ET Microsoft seeks 'community' help to make IE8 Standards Mode work out