
Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.


Darwin Streaming Server - Remote hacker automatic control

Version: 5.5.4 and prior.

Technical Details:

Two buffer overflows in the Darwin Streaming Proxy when handling RTSP requests can lead to arbitrary code execution. It appears that these vulnerabilities are very similar to issues already patched in QuickTime.

Description:

The Darwin Streaming Server is the open source Darwin equivalent of the QuickTime Streaming Server that is available for the OS X platform. Patches have been released to address a set of vulnerabilities that appear to be related to previously disclosed and patched issues with QuickTime (certain streaming protocols had some inbuilt weaknesses). In the worst case, an attacker could gain control of a vulnerable system running the Server by supplying malicious network traffic.

Mitigation:

Update to Streaming Server 5.5.5 at the earliest opportunity.

Updates:

http://developer.apple.com/opensource/server/streaming/index.html

Source:

http://docs.info.apple.com/article.html?artnum=61798

Exploits:

External Tracking Data:

CVE-ID: CVE-2007-0749
CVE-ID: CVE-2007-0748

