Bugtraq mailing list archives
axis2400 webcams
From: Martin Eiszner <martin () websec org>
Date: Fri, 28 Feb 2003 10:46:12 +0100
2002 () WebSec org/Martin Eiszner

==================================
Security REPORT axis webcam 2400.?
==================================

this document: http://www.websec.org/adv/axis2400.txt.html

Product:         Axis Webserver for 2400 ??
Vulnerabilities: denial of service, information disclosure, non-confirmed script execution
Vendor:          Axis (http://www.axis.com)
Vendor-Status:   E-Mail to "security () axis com" and "anne.rhenman () axis com" date: 17.01.2003
Vendor-Patch:    no response (28.02.2003)
Local:           NO
Remote:          YES

============
Introduction
============

webcam system including modified boa-webserver and web-based admin-interface ...

=====================
Vulnerability Details
=====================

1) INFORMATION DISCLOSURE

HTTP requests to:

---*---
http://server/support/messages
---*---

respond with /var/log/messages. It is not password protected and might disclose sensitive information.

2) DOS / OVERWRITING SYSTEM-FILES

requesting:

---*---
http://server/axis-cgi/buffer/command.cgi?
buffername=X&
prealarm=1&
postalarm=1&
do=start&
uri=/jpg/quad.jpg&
format=[bad input]
---*---

allows an attacker to overwrite important files on the system (all fifos, for example), leading to an effective DOS attack.

3) ARBITRARY FILE CREATION

a request like:

---*---
/axis-cgi/buffer/command.cgi?whatever params
buffername=[relative path to directory]
format=[relative path to arbitrary file name]
---*---

will create [relative path to arbitrary file name] or [relative path to a directory]. If somebody is able to change the content of error messages, he might be able to create and execute arbitrary script files (PHP, for example).

severity: LOW-MEDIUM

=======
Remarks
=======

---

====================
Recommended Hotfixes
====================

software patch.

EOF

Martin Eiszner / @2002WebSec.org

=======
Contact
=======

WebSec.org / Martin Eiszner
Gurkgasse 49/Top14
1140 Vienna
Austria / EUROPE
mei () websec org
http://www.websec.org
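The following is an added example, not part of the advisory above and not code from Axis or WebSec. It turns the three requests the advisory describes into detection logic: it scans web-server or proxy log lines for unauthenticated reads of /support/messages and for path syntax (`..`, `/`, `\`, NUL) in the `buffername` and `format` parameters of command.cgi, and it provides a heuristic to verify the disclosure by checking whether a fetched body has the shape of syslog output. Everything beyond the URLs and parameter names quoted in the advisory is an assumption: the Common Log Format, the sample log lines and the sample /var/log/messages body are constructed here, the syslog line regex is a heuristic, and the live check assumes plain HTTP on the camera.

```python
"""Heuristic checks for the Axis 2400 issues described in the advisory above.

Added example, not part of the original advisory or any Axis/WebSec code.
Assumptions (not from the advisory): requests to the camera are visible in
Common Log Format, e.g. from a reverse proxy in front of it, and a fetched
/support/messages body can be recognised as syslog output by its line shape.
"""
from __future__ import annotations

import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample proxy log (CLF). Lines 1-3 exercise the three issues in
# the advisory with generic traversal values; lines 4-5 are benign traffic
# that must not be flagged.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Feb/2003:10:46:12 +0100] "GET /support/messages HTTP/1.0" 200 8192
10.0.0.5 - - [28/Feb/2003:10:46:20 +0100] "GET /axis-cgi/buffer/command.cgi?buffername=X&prealarm=1&postalarm=1&do=start&uri=/jpg/quad.jpg&format=..%2F..%2Ftmp%2Fowned HTTP/1.0" 200 15
10.0.0.5 - - [28/Feb/2003:10:46:30 +0100] "GET /axis-cgi/buffer/command.cgi?buffername=../../tmp&format=owned.php HTTP/1.0" 200 15
10.0.0.9 - - [28/Feb/2003:10:47:01 +0100] "GET /axis-cgi/buffer/command.cgi?buffername=b1&prealarm=1&postalarm=1&do=start&uri=/jpg/quad.jpg&format=jpeg HTTP/1.0" 200 15
10.0.0.9 - - [28/Feb/2003:10:47:05 +0100] "GET /jpg/quad.jpg HTTP/1.0" 200 23011
"""

# Constructed body resembling /var/log/messages, used by looks_like_syslog().
SAMPLE_MESSAGES_BODY = """\
Feb 28 10:40:01 axis syslogd 1.3-3: restart.
Feb 28 10:40:02 axis kernel: Linux version 2.2.x
Feb 28 10:41:17 axis boa[42]: request from 10.0.0.5
"""

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)
# "Mon DD HH:MM:SS host tag ..." (heuristic, assumed shape of syslog lines)
SYSLOG_LINE_RE = re.compile(r"^[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2} \S+ \S+")

MESSAGES_PATH = "/support/messages"
COMMAND_CGI = "/axis-cgi/buffer/command.cgi"
# The advisory says buffername and format end up in file names, so any path
# separator or parent reference in them is treated as suspicious.
PATH_PARAMS = ("buffername", "format")


def has_path_chars(value: str) -> bool:
    """True if a (possibly URL-encoded) parameter value contains path syntax."""
    v = unquote(value)
    return ".." in v or "/" in v or "\\" in v or "\x00" in v


def classify_request(target: str) -> list[str]:
    """Return the findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    findings: list[str] = []
    if path == MESSAGES_PATH:
        findings.append("unauthenticated read of /var/log/messages")
    elif path == COMMAND_CGI:
        query = parse_qs(parts.query, keep_blank_values=True)  # values are decoded here
        for name in PATH_PARAMS:
            for value in query.get(name, []):
                if has_path_chars(value):
                    findings.append(f"path syntax in command.cgi {name}={unquote(value)!r}")
    return findings


def scan_log(text: str) -> list[tuple[str, str, list[str]]]:
    """Return (client, target, findings) for every CLF line that triggers a check."""
    hits = []
    for line in text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue  # not CLF; a real deployment would log the parse failure
        findings = classify_request(m["target"])
        if findings:
            hits.append((m["ip"], m["target"], findings))
    return hits


def looks_like_syslog(body: str, min_lines: int = 2) -> bool:
    """Heuristic: at least min_lines and half of the non-empty lines look like syslog."""
    lines = [l for l in body.splitlines() if l.strip()]
    matched = sum(1 for l in lines if SYSLOG_LINE_RE.match(l))
    return bool(lines) and matched >= min_lines and matched * 2 >= len(lines)


def check_messages_exposed(base_url: str, timeout: float = 5.0) -> bool:
    """Live check (needs network): GET /support/messages and judge the body."""
    from urllib.request import urlopen
    with urlopen(base_url.rstrip("/") + MESSAGES_PATH, timeout=timeout) as resp:
        body = resp.read().decode("latin-1", "replace")
        return resp.status == 200 and looks_like_syslog(body)


if __name__ == "__main__":
    for client, target, findings in scan_log(SAMPLE_LOG):
        print(f"{client} {target}")
        for finding in findings:
            print(f"    - {finding}")
    print("sample body looks like syslog:", looks_like_syslog(SAMPLE_MESSAGES_BODY))
```

Flagging every `/` or `..` in `buffername` and `format` is deliberately strict: the advisory gives no list of legitimate values, so the cheap choice is to alert on anything that looks like a path and let the analyst review. Point `check_messages_exposed("http://camera")` at a device you are authorised to test to confirm whether the log is served without authentication.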
Current thread:
- axis2400 webcams Martin Eiszner (Feb 28)
- RE: axis2400 webcams Barry Zubel (Feb 28)