|
The following security advisory is sent to the securiteam mailing list, and
can be found at the SecuriTeam web site: http://www.securiteam.com
Vulnerability in CamShot server (Authorization)
----------------------------------------------------------------------------
SUMMARY
CamShot is a web server that serves up web pages containing time stamped
images captured from a video camera. This product contains a remotely
exploitable security vulnerability that allows a remote attacker to gain
elevated privileges on the remote system.
DETAILS
Vulnerable Versions:
CamShot 2.6 trial version ( <http://broadgun.com/camsht26.exe> )
Example:
GET / HTTP/1.1<enter>
Authorization: Basic ['a'x325]<enter><enter>
Since the server crashes in a way that enables attackers to execute
arbitrary code, this vulnerability is quite dangerous.
Vendor:
Vendor has been contacted Saturday, August 26, 2000. No response has been
received.
ADDITIONAL INFORMATION
The security hole was discovered by <mailto:expert@securiteam.com> Beyond
Security's SecuriTeam.
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any
kind.
In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages.
====================
--
Aviram Jenik
Beyond Security Ltd.
http://www.BeyondSecurity.com
http://www.SecuriTeam.com
|
