[NT] Multiple Vulnerabilities in Video Cam Server
From: SecuriTeam (support_at_securiteam.com)
Date: 05/02/05
To: list@securiteam.com Date: 2 May 2005 17:22:04 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Multiple Vulnerabilities in Video Cam Server
------------------------------------------------------------------------
SUMMARY
" <http://vcs.raybase.com/> Video Cam Server (VCS) is a server for
publishing the image taken from a Video Camera (especially Web Cam)
connected to it. It will be very useful for remote monitoring your home,
office or other environment."
The Video Cam Server product has been found to contain multiple
vulnerabilities including a path disclosure, denial of service and
directory traversal vulnerability.
DETAILS
Vulnerable Systems:
* Video Cam Server version 1.0.0
Path Disclosure:
A vulnerability in the remote web server allows a user to discover the
path under which the product has been installed by sending a URI request
that ends with an encoded space character (%20).
Exploit:
http://[host]/%20
Directory Traversal:
It is possible to traverse outside the bounding HTML root directory by
supplying ".." sequences in the request sent to the server; both the
forward slash and the backslash are accepted as path separators.
Exploits:
http://[host]/..\..\..\..\..\..\..\..\..\..\..\windows\system.ini
Or connect to the webserver and send a raw request similar to:
GET /../../../../../../../../../../../windows/system.ini HTTP/1.1
Denial of Service:
It is possible to cause the remote HTTP server to crash simply by
requesting the administrative control page.
Exploit:
http://[host]/admin.html
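As an added illustration (not part of the original advisory), the following script flags the three request patterns described above in web-server access logs. It decodes percent-escapes before inspection and treats the backslash as a path separator, since a check for "../" alone would miss the "..\" form. The log format and the sample lines are constructed for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (illustrative, not from the advisory).
# Assumed format: client "METHOD path HTTP/x.y" status
SAMPLE_LOG = """\
10.0.0.5 "GET /index.html HTTP/1.1" 200
10.0.0.7 "GET /%20 HTTP/1.1" 500
10.0.0.7 "GET /..\\..\\..\\..\\windows\\system.ini HTTP/1.1" 200
10.0.0.9 "GET /../../../../windows/system.ini HTTP/1.1" 200
10.0.0.9 "GET /%2e%2e/%2e%2e/windows/win.ini HTTP/1.1" 200
10.0.0.3 "GET /admin.html HTTP/1.1" 200
10.0.0.3 "GET /images/cam..png HTTP/1.1" 200
"""

LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+) HTTP/[\d.]+" (\d{3})')


def normalize_path(raw):
    """Decode percent-escapes (twice, to catch double encoding) and map
    backslashes to forward slashes, as a Windows-hosted server would."""
    path = raw
    for _ in range(2):
        path = unquote(path)
    return path.replace("\\", "/")


def classify(raw_path):
    """Return a finding label for one request path, or None if it looks benign."""
    path = normalize_path(raw_path)
    # A whole segment equal to ".." is traversal; "cam..png" is not.
    if ".." in path.split("/"):
        return "directory-traversal"
    # "/%20" decodes to "/ ": a path with trailing whitespace.
    if path != path.rstrip():
        return "path-disclosure-probe"
    if path.lower() == "/admin.html":
        return "admin-page-request"
    return None


def scan_log(text):
    """Parse each line and return (client, raw_path, label) for suspicious requests."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, _method, raw_path, _status = m.groups()
        label = classify(raw_path)
        if label:
            findings.append((client, raw_path, label))
    return findings


if __name__ == "__main__":
    for client, raw_path, label in scan_log(SAMPLE_LOG):
        print(f"{client:<10} {label:<22} {raw_path}")
```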
ADDITIONAL INFORMATION
The information has been provided by <mailto:fdonato@autistici.org>
Donato Ferrante.
The original article can be found at:
<http://www.autistici.org/fdonato/advisory/VideoCamServer1.0.0-adv.txt>
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.