|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Netsnap Webcam Software Remote Overflow
From: SNS Research (vuln-dev
GREYHACK.COM)Date: Wed Nov 15 2000 - 17:21:46 CST
- Next message: Steve: "InoculateIT AV Option for MS Exchange Server"
- Previous message: SNS Research: "Rideway PN Telnet DoS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Strumpf Noir Society Advisories
! Public release !
<--#
-= Netsnap Webcam Software Remote Overflow =-
Release date: Thursday, November 16, 2000
Introduction:
Netsnap is a webcam software package for Win95/98/NT/2k which in
addition to filming and picture taking allows the user to directly
publish his/her footage to the web. To do this, Netsnap is equiped with
its own HTTP-server.
Netsnap can be found on vendor Pelesoft's Netsnap site,
http://www.netsnap.com
Problem:
There's a problem in the handling of GET requests by named server. An
unchecked buffer here can be overflowed by a string of approximately 342
bytes, effectively crashing the server and allowing the execution of
arbitrary code.
(..)
Solution:
After discussing this issue with the vendor, Pelesoft have released
version 1.2.9 of their Netsnap software, which eliminates the problem.
Users are encouraged to obtain the new version asap.
yadayadayada
SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.
EOF, but Strumpf Noir Society will return!
_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
- Next message: Steve: "InoculateIT AV Option for MS Exchange Server"
- Previous message: SNS Research: "Rideway PN Telnet DoS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]