Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Apple QuickTime 7.3 RTSP Response 0day - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple QuickTime 7.3 RTSP Response 0day

Thank you all for writing in!!  We appreciate it, things have been a little crazy around the ISC today, so we haven't been able to throw some stuff up on the diary about the Quicktime bug.  (We've had to wake everyone up, they all ate turkey..tryptophan... it's not pretty, anyway...)

As outlined by Secunia, Apple's Quicktime 7.2 and 7.3 has a overwrite condition via incorrect rtsp parsing.  Check it out here

There are several things you can do until this gets patched (just remember to undo them after you patch!).

1) Block the RTSP protocol.  Ports are 554/tcp and 6970-6999/udp.

2) Set the Killbit for Quicktime CLSID's:

    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
    {4063BE15-3B08-470D-A0D5-B37161CFFD69}

There are some other recommendations over at the US-CERT site.  But like I said, remember to undo them after the patch, or you will be wondering why things aren't working with your Quicktime streams. 

Please remember that Quicktime is a component of iTunes...


Joel Esler

http://www.joelesler.net

Joel

454 Posts
ISC Handler
I've posted Snort rules and more information on my blog at http://riosec.com/more-quicktime-fun

- Chris
Anonymous

Sign Up for Free or Log In to start participating in the conversation!