COMMAND

    Axis Webcam remote DoS via web server

SYSTEMS AFFECTED

    Axis Webserver for 2400, 2100

PROBLEM

    Thanks to Martin Eiszner [mei@websec.org] of WebSec.org
    [http://www.websec.org] for this advisory:

    1) INFORMATION DISCLOSURE

       HTTP requests to:

       ---*---
       http://server/support/messages
       ---*---

       respond with the contents of /var/log/messages. The file is not
       password protected and may disclose sensitive information.

    2) DOS / OVERWRITING SYSTEM FILES

       Requesting:

       ---*---
       http://server/axis-cgi/buffer/command.cgi?
         buffername=X&
         prealarm=1&
         postalarm=1&
         do=start&
         uri=/jpg/quad.jpg&
         format=[bad input]
       ---*---

       allows an attacker to overwrite important files on the system (all
       FIFOs, for example), leading to an effective DoS attack.

    3) ARBITRARY FILE CREATION

       A request like:

       ---*---
       /axis-cgi/buffer/command.cgi?whatever params
         buffername=[relative path to directory]
         format=[relative path to arbitrary file name]
       ---*---

       will create [relative path to arbitrary file name] or [relative path
       to a directory]. If somebody is able to change the content of the
       error messages, he might be able to create and execute arbitrary
       script files (PHP, e.g.).

SOLUTION

    None yet
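Since the advisory offers no fix, what a defender can do is watch for the request shapes it describes. The following is an added detection example, not code from the advisory, from WebSec.org or from Axis: it parses Common Log Format access lines from a proxy or log collector in front of the camera and flags requests for /support/messages and requests to /axis-cgi/buffer/command.cgi whose buffername or format parameter carries path separators or ".." segments. The log lines and the finding labels are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access log (Common Log Format) for requests reaching an
# Axis camera web server; these lines are made up for this example.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2001:10:00:01 +0000] "GET /jpg/quad.jpg HTTP/1.0" 200 18234
10.0.0.7 - - [01/Jan/2001:10:00:02 +0000] "GET /support/messages HTTP/1.0" 200 5120
10.0.0.9 - - [01/Jan/2001:10:00:03 +0000] "GET /axis-cgi/buffer/command.cgi?buffername=X&prealarm=1&postalarm=1&do=start&uri=/jpg/quad.jpg&format=jpeg HTTP/1.0" 200 45
10.0.0.9 - - [01/Jan/2001:10:00:04 +0000] "GET /axis-cgi/buffer/command.cgi?buffername=..%2F..%2Fsome%2Fdir&format=..%2Fsomefile&do=start HTTP/1.0" 200 45
10.0.0.9 - - [01/Jan/2001:10:00:05 +0000] "GET /axis-cgi/buffer/command.cgi?buffername=X&format=%2e%2e/other HTTP/1.0" 200 45
"""

# Common Log Format: ip ident user [timestamp] "method target proto" status size
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

# Paths named in the advisory.
LOG_DISCLOSURE_PATH = "/support/messages"
BUFFER_CGI_PATH = "/axis-cgi/buffer/command.cgi"
# Parameters the advisory identifies as ending up in file names.
FILE_PARAMS = ("buffername", "format")


def _looks_like_path(value):
    """True if a parameter value contains a separator or a '..' segment."""
    # parse_qs already decoded once; decode again so double-encoded
    # sequences such as %252e%252e are also caught.
    decoded = unquote(value)
    return ".." in decoded or "/" in decoded or "\\" in decoded


def classify_request(target):
    """Return a finding label for one request target, or None if benign."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if path == LOG_DISCLOSURE_PATH:
        return "log-disclosure"
    if path == BUFFER_CGI_PATH:
        params = parse_qs(parts.query, keep_blank_values=True)
        for name in FILE_PARAMS:
            for value in params.get(name, []):
                if _looks_like_path(value):
                    return "path-in-%s" % name
    return None


def scan_log(text):
    """Parse CLF lines and return (ip, finding, target) for suspicious ones."""
    findings = []
    for line in text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue  # not Common Log Format; skip
        finding = classify_request(m.group("target"))
        if finding:
            findings.append((m.group("ip"), finding, m.group("target")))
    return findings


if __name__ == "__main__":
    for ip, finding, target in scan_log(SAMPLE_LOG):
        print(ip, finding, target)
```

The benign command.cgi request on the third line (buffername=X, format=jpeg) is left alone; only values that could name a path are flagged, which keeps the rule usable on a camera that is legitimately recording. A hit on /support/messages is worth an alert on its own, since the advisory states the file is served without authentication.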