Bugtraq mailing list archives
[NEWS] Vulnerability in CamShot server (Authorization)
From: Aviram Jenik <aviram () BEYONDSECURITY COM>
Date: Fri, 15 Sep 2000 13:58:28 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Vulnerability in CamShot server (Authorization)
----------------------------------------------------------------------------

SUMMARY

CamShot is a web server that serves up web pages containing time stamped images captured from a video camera. This product contains a remotely exploitable security vulnerability that allows a remote attacker to gain elevated privileges on the remote system.

DETAILS

Vulnerable Versions:
CamShot 2.6 trial version ( <http://broadgun.com/camsht26.exe> )

Example:
GET / HTTP/1.1<enter>
Authorization: Basic ['a'x325]<enter><enter>

Since the server crashes in a way that enables attackers to execute arbitrary code, this vulnerability is quite dangerous.

Vendor:
Vendor has been contacted Saturday, August 26, 2000. No response has been received.

ADDITIONAL INFORMATION

The security hole was discovered by <mailto:expert () securiteam com> Beyond Security's SecuriTeam.

====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

====================

--
Aviram Jenik
Beyond Security Ltd.
http://www.BeyondSecurity.com
http://www.SecuriTeam.com
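
An added example, not part of the advisory and not vendor code: a bounds-checked way to take the credential out of an `Authorization: Basic` header, so that a value like the 325-character one shown above is rejected before any copy takes place. The function name, the result codes and the 128-character limit are assumptions made for illustration; the advisory does not describe CamShot's internals, and the unchecked-copy root cause is assumed here.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

#define MAX_B64_CRED 128   /* assumed policy limit, not a CamShot value */
#define B64_CHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="

enum auth_result { AUTH_OK = 0, AUTH_NOT_BASIC = -1,
                   AUTH_TOO_LONG = -2, AUTH_BAD_CHARS = -3 };

/* Copy the base64 token of an "Authorization: Basic <token>" header line
 * into out. The token length is measured and checked against both the
 * policy limit and the destination size before anything is written. */
int extract_basic_token(const char *line, char *out, size_t out_len)
{
    static const char prefix[] = "Authorization: Basic ";
    size_t plen = sizeof(prefix) - 1;
    size_t n;

    /* Header names and the scheme name are case-insensitive. */
    if (strncasecmp(line, prefix, plen) != 0)
        return AUTH_NOT_BASIC;
    line += plen;

    n = strcspn(line, "\r\n");            /* token ends at the line end */
    if (n > MAX_B64_CRED || n >= out_len) /* leave room for the NUL     */
        return AUTH_TOO_LONG;
    if (n == 0 || strspn(line, B64_CHARS) != n)
        return AUTH_BAD_CHARS;

    memcpy(out, line, n);
    out[n] = '\0';
    return AUTH_OK;
}

int main(void)
{
    char out[MAX_B64_CRED + 1];
    char big[512] = "Authorization: Basic ";   /* constructed sample input */
    size_t p = strlen(big);

    memset(big + p, 'a', 325);                 /* the length from the advisory */
    strcpy(big + p + 325, "\r\n");
    printf("oversized header -> %d\n", extract_basic_token(big, out, sizeof out));
    printf("normal header    -> %d\n",
           extract_basic_token("Authorization: Basic dXNlcjpwYXNz\r\n", out, sizeof out));
    return 0;
}
```

A server that rejects the request on `AUTH_TOO_LONG` can also log the source address and header length, which gives operators a simple signal for this kind of probe.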