Denial of service in Getware's built-in webserver (Webcam Live and Photohost)

From: Luigi Auriemma (aluigi_at_altervista.org)
Date: 01/19/04

    Date: Mon, 19 Jan 2004 18:46:22 +0000
    To: bugtraq@securityfocus.com
    
    

    #######################################################################

                                 Luigi Auriemma

    Application: Getware's built-in webserver
                  http://www.getware.com
    Versions: WebCam Live <= 2.01
                  Photohost <= 4.0
    Platforms: Windows
    Bug: Denial of service
    Risk: medium
    Exploitation: remote
    Date: 19 Jan 2004
    Author: Luigi Auriemma
                  e-mail: aluigi@altervista.org
                  web: http://aluigi.altervista.org

    #######################################################################

    1) Introduction
    2) Bug
    3) The Code
    4) Fix

    #######################################################################

    ===============
    1) Introduction
    ===============

    WebCam Live and Photohost are two shareware programs used to share
    webcam streams and photo albums through the web.
    The web functions are managed by a built-in webserver that is the same
    for both programs.

    #######################################################################

    ======
    2) Bug
    ======

    The bug is in the handling of the value of the Content-Length
    header sent by the client to the built-in webserver.
    If this value is negative (or greater than 2147483647, which is the
    same) the webserver will show an "Out of memory" MessageBox but will
    continue to run without problems.

    The problems arrive after fewer than 300 of these errors (so 300
    connections with the value -1), when the server crashes for good.

    #######################################################################

    ===========
    3) The Code
    ===========

    http://aluigi.altervista.org/poc/wcamdos.zip

    #######################################################################

    ======
    4) Fix
    ======

    No fix.
    The vendor has not answered my reports.

    #######################################################################

    ---
    Luigi Auriemma
    http://aluigi.altervista.org
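
The check that section 2 shows to be missing, as an added example (not code from the advisory or from the vendor): a strict Content-Length parser that refuses the request before any buffer is allocated. It assumes the server reads the header into a signed 32-bit integer, which is what the advisory's "negative or greater than 2147483647" equivalence implies; MAX_BODY_BYTES and both function names are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy for this example: largest request body accepted. */
#define MAX_BODY_BYTES (1024ULL * 1024ULL)

/* Naive handling (assumption): the header text ends up in a signed 32-bit
 * integer. Shows why "-1" and "4294967295" are the same case. */
static int32_t naive_as_int32(const char *value)
{
    return (int32_t)(uint32_t)strtoull(value, NULL, 10);
}

/* Strict parser: returns 0 and stores the length, or -1 when the request
 * must be refused before any buffer is allocated. */
static int parse_content_length(const char *value, size_t *out)
{
    unsigned long long n;
    char *end;

    while (*value == ' ' || *value == '\t')
        value++;
    if (!isdigit((unsigned char)*value))    /* rejects "-1", "+5", "" */
        return -1;
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE)                    /* does not fit in 64 bits */
        return -1;
    while (*end == ' ' || *end == '\t')
        end++;
    if (*end != '\0' || n > MAX_BODY_BYTES) /* trailing junk or too large */
        return -1;
    *out = (size_t)n;
    return 0;
}

int main(void)
{
    /* Constructed header values, including the -1 from the advisory. */
    const char *samples[] = { "-1", "2147483648", "4294967295", "512" };
    size_t len = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s naive=%ld strict=%s\n", samples[i],
               (long)naive_as_int32(samples[i]),
               parse_content_length(samples[i], &len) == 0 ? "accept" : "reject");
    return 0;
}
```

A server using such a parser would answer a rejected value with a 400 or 413 response and close the connection, so no allocation is ever attempted with the client-supplied size.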

