|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA10527] Webcam Watchdog Web Interface Buffer Overflow Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Mon Jan 05 2004 - 09:07:27 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Webcam Watchdog Web Interface Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA10527
VERIFY ADVISORY:
http://www.secunia.com/advisories/10527/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Webcam Watchdog 3.x
DESCRIPTION:
Peter Winter-Smith has reported a vulnerability in Webcam Watchdog,
which can be exploited by malicious people to compromise a vulnerable
system.
A boundary error in the web interface used for remote viewing can be
exploited to cause a buffer overflow by sending an overly long HTTP
GET request to it.
Successful exploitation may allow execution of arbitrary code on an
affected system.
The vulnerability has been reported in version 3.63 and prior.
SOLUTION:
The vendor has released version 3.64, which may fix the
vulnerability. However, this has not been confirmed at present.
http://www.webcamsoft.com/en/watchdog.html
Restrict access to the web interface, allowing only trusted IP
addresses to connect.
Disable the remote viewing web interface.
PROVIDED AND/OR DISCOVERED BY:
Peter Winter-Smith
ORIGINAL ADVISORY:
http://www.elitehaven.net/webcamwatchdog.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://www.secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]