BugTraq
Back to list
|
Post reply
axis2400 webcams
Feb 28 2003 09:46AM
Martin Eiszner (martin websec org)
(2 replies)
2002 (at) WebSec (dot) org [email concealed]/Martin Eiszner
==================================
Security REPORT axis webcam 2400.?
==================================
this document: http://www.websec.org/adv/axis2400.txt.html
Product: Axis Webserver for 2400 ??
Vulnerablities: denial of service, information disclosure, non-confirmed script execution
Vendor: Axis (http://www.axis.com)
Vendor-Status: E-Mail to "security (at) axis (dot) com [email concealed]" and "anne.rhenman (at) axis (dot) com [email concealed]" date: 17.01.2003
Vendor-Patch: no response (28.02.2003)
Local: NO
Remote: YES
============
Introduction
============
webcam system including modified boa-webserver and web-based admin-interface ...
=====================
Vulnerability Details
=====================
1) INFORMATION DISCLOSURE
http-requests to:
---*---
http://server/support/messages
---*---
responds with /var/log/messages.
it is not password protected and might disclose sensitive information.
2) DOS / OVERWRITING SYSTEM-FILES
requesting:
---*---
http://server/axis-cgi/buffer/command.cgi?
buffername=X&
prealarm=1&
postalarm=1&
do=start&
uri=/jpg/quad.jpg&
format=[bad input]
---*---
allows an attacker to overwrite important files on the system (all fifos for example)
leading to an effective DOS-attack.
3) ARBITRARY FILE CREATION
a request like:
---*---
/axis-cgi/buffer/command.cgi?whatever params
buffername=[relative path to directory]
format=[relative path to arbitrary file name]
---*---
will create [relative path to arbitrary file name] or [relative path to a. directory]
if somebody is able to change content of error messages he might be able to create
and execute arbitrary script-files(php fE.).
severity: LOW-MEDIUM
=======
Remarks
=======
---
====================
Recommended Hotfixes
====================
software patch.
EOF Martin Eiszner / @2002WebSec.org
=======
Contact
=======
WebSec.org / Martin Eiszner
Gurkgasse 49/Top14
1140 Vienna
Austria / EUROPE
mei (at) websec (dot) org [email concealed]
http://www.websec.org
[ reply ]
Re: axis2400 webcams
Mar 03 2003 08:23AM
jean-philippe Gaulier (jean-philippe gaulier unilim fr)
RE: axis2400 webcams
Feb 28 2003 05:19PM
Barry Zubel (barry ablebox com)
(1 replies)
Re: axis2400 webcams
Mar 02 2003 12:01AM
Sergio Gelato (Sergio Gelato astro su se)
Privacy Statement
Copyright 2010, SecurityFocus
2002 (at) WebSec (dot) org [email concealed]/Martin Eiszner
==================================
Security REPORT axis webcam 2400.?
==================================
this document: http://www.websec.org/adv/axis2400.txt.html
Product: Axis Webserver for 2400 ??
Vulnerablities: denial of service, information disclosure, non-confirmed script execution
Vendor: Axis (http://www.axis.com)
Vendor-Status: E-Mail to "security (at) axis (dot) com [email concealed]" and "anne.rhenman (at) axis (dot) com [email concealed]" date: 17.01.2003
Vendor-Patch: no response (28.02.2003)
Local: NO
Remote: YES
============
Introduction
============
webcam system including modified boa-webserver and web-based admin-interface ...
=====================
Vulnerability Details
=====================
1) INFORMATION DISCLOSURE
http-requests to:
---*---
http://server/support/messages
---*---
responds with /var/log/messages.
it is not password protected and might disclose sensitive information.
2) DOS / OVERWRITING SYSTEM-FILES
requesting:
---*---
http://server/axis-cgi/buffer/command.cgi?
buffername=X&
prealarm=1&
postalarm=1&
do=start&
uri=/jpg/quad.jpg&
format=[bad input]
---*---
allows an attacker to overwrite important files on the system (all fifos for example)
leading to an effective DOS-attack.
3) ARBITRARY FILE CREATION
a request like:
---*---
/axis-cgi/buffer/command.cgi?whatever params
buffername=[relative path to directory]
format=[relative path to arbitrary file name]
---*---
will create [relative path to arbitrary file name] or [relative path to a. directory]
if somebody is able to change content of error messages he might be able to create
and execute arbitrary script-files(php fE.).
severity: LOW-MEDIUM
=======
Remarks
=======
---
====================
Recommended Hotfixes
====================
software patch.
EOF Martin Eiszner / @2002WebSec.org
=======
Contact
=======
WebSec.org / Martin Eiszner
Gurkgasse 49/Top14
1140 Vienna
Austria / EUROPE
mei (at) websec (dot) org [email concealed]
http://www.websec.org
[ reply ]