[UNIX] Web server vulnerability in Axis Network Cameras, Video Servers and Network Digital Video Recorders
From: support@securiteam.com
Date: 12/26/02
- Previous message: support@securiteam.com: "[NEWS] Cisco Vulnerable to SSH Malformed Packet Vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: 27 Dec 2002 00:01:05 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
Beyond Security would like to welcome Tiscali World Online
to our service provider team.
For more info on their service offering IP-Secure,
please visit http://www.worldonline.co.za/services/work_ip.asp
- - - - - - - - -
Web server vulnerability in Axis Network Cameras, Video Servers and
Network Digital Video Recorders
------------------------------------------------------------------------
SUMMARY
A potential stack buffer overflow has been found in the authentication
code of the modified version of Boa used in some of the embedded Linux
based Axis products, which may result in DoS attacks, or in a potential
system compromise.
DETAILS
Affected products:
* Axis 2100/2110/2120/2420 Network Camera - Firmware Release 2.33 and
below
* Axis 2130 PTZ Network Camera - Firmware Release 2.32
* Axis 2400/2401 Video Server - Firmware Release 2.33 and below
* Axis 2460 Network DVR - Firmware Release 3.00
* Axis 2490 Serial Server - Firmware Release 2.10
* Axis 250S MPEG-2 Video Server - Firmware Release 3.01
Note: this vulnerability is not present in the official boa distribution
available from <http://www.boa.org/> http://www.boa.org/.
Solution:
The part of the authentication code where the buffer overflow may arise
has been corrected and is included in new firmware releases for all
affected products.
Releases:
* Axis 2100 Network Camera (2.33.1) -
<ftp://ftp.axis.com/pub_soft/cam_srv/cam_2100/sr/>
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2100/sr/
* Axis 2110 Network Camera (2.33.1) -
<ftp://ftp.axis.com/pub_soft/cam_srv/cam_2110/sr/>
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2110/sr/
* Axis 2120 Network Camera (2.33.1) -
<ftp://ftp.axis.com/pub_soft/cam_srv/cam_2120/sr/>
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2120/sr/
* Axis 2420 Network Camera (2.33.1) -
<ftp://ftp.axis.com/pub_soft/cam_srv/cam_2420/sr/>
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2420/sr/
* Axis 2130 PTZ Network Camera (2.32.1) -
<ftp://ftp.axis.com/pub_soft/cam_srv/cam_2130/sr/>
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2130/sr/
* Axis 2400 Video Server (2.33.1) -
<ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/>
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/
* Axis 2401 Video Server (2.33.1) -
<ftp://ftp.axis.com/pub_soft/cam_srv/cam_2401/sr/>
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2401/sr/
* Axis 250S MPEG-2 Video Server (3.02 RC1) -
<ftp://ftp.axis.com/pub_soft/cam_srv/cam_250s/release_candidate/3_02/>
ftp://ftp.axis.com/pub_soft/cam_srv/cam_250s/release_candidate/3_02/
* Axis 2460 Network Digital Video Recorder (3.01) -
<ftp://ftp.axis.com/pub_soft/cam_srv/cam_2460/sr/>
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2460/sr/
* Axis 2490 Serial Server (2.11.1) -
<ftp://ftp.axis.com/pub_soft/cam_srv/cam_2490/sr/>
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2490/sr/
* Axis Developer Board LX
* Axis Device Server Platform
* Axis Developer Board for Bluetooth -
<http://developer.axis.com/download/apps/apps-boa-R1_1_19-2_33_2.tgz>
http://developer.axis.com/download/apps/apps-boa-R1_1_19-2_33_2.tgz
ADDITIONAL INFORMATION
The information has been provided by <mailto:product-security@axis.com>
Axis Product Security, the vulnerability was discovered by
<mailto:dcvmoole@cs.vu.nl> D.C. van Moolenbroek and
<mailto:m.c.schrijver@student.utwente.nl> M.C. Schrijver.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Next message: support@securiteam.com: "[REVS] Session Fixation Vulnerability in Web-based Applications"
- Previous message: support@securiteam.com: "[NEWS] Cisco Vulnerable to SSH Malformed Packet Vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
