
Axis Webcam remote DoS via web server
28th Feb 2003 [SBWID-6032]
COMMAND

	Axis Webcam remote DoS via web server

SYSTEMS AFFECTED

	Axis Webserver for 2400, 2100

PROBLEM

	Thanks to Martin Eiszner [mei@websec.org] of WebSec.org
	[http://www.websec.org] for the advisory:
	
	 1) INFORMATION DISCLOSURE
	
	http-requests to:
	
	---*---
	http://server/support/messages
	---*---
	
	responds with the contents of /var/log/messages. The file is not password
	protected and may disclose sensitive information.
	
	 2) DOS / OVERWRITING SYSTEM-FILES
	
	requesting:
	
	---*---
	http://server/axis-cgi/buffer/command.cgi?
	buffername=X&
	prealarm=1&
	postalarm=1&
	do=start&
	uri=/jpg/quad.jpg&
	format=[bad input]
	---*---
	
	allows an attacker to overwrite important files on the system (all FIFOs,
	for example), leading to an effective DoS attack.
	
	
	 3) ARBITRARY FILE CREATION
	
	a request like:
	
	---*---
	/axis-cgi/buffer/command.cgi?whatever params
	buffername=[relative path to directory]
	format=[relative path to arbitrary file name]
	---*---
	
	will create [relative path to arbitrary file name] or [relative path to
	a directory].
	
	If somebody is able to change the content of error messages, they might be
	able to create and execute arbitrary script files (PHP, for example).
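The three request patterns above are easy to pick out of a web-server or proxy log. The following detection script is an added example, not part of the WebSec advisory or any Axis software; the log format, sample lines and alert labels are constructed for this example, and it flags any path separator or traversal sequence in the buffername and format parameters, since the advisory describes both as taking relative paths.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined-log style line; only the request target is needed.
LOG_RE = re.compile(r'"(?:GET|POST|HEAD)\s+(\S+)\s+HTTP/[\d.]+"')

SENSITIVE_PATHS = {"/support/messages"}       # 1) unauthenticated /var/log/messages
BUFFER_CGI = "/axis-cgi/buffer/command.cgi"   # 2) and 3) file overwrite / creation
PATH_PARAMS = ("buffername", "format")        # parameters the advisory says take a path

def suspicious_path_value(value):
    """True if a value that should be a plain name carries a path or traversal."""
    v = unquote(value)
    return "/" in v or "\\" in v or ".." in v or "\x00" in v

def classify_request(target):
    """Return an alert label for one request target, or None if it looks benign."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if path in SENSITIVE_PATHS:
        return "log-disclosure"
    if path == BUFFER_CGI:
        params = parse_qs(parts.query, keep_blank_values=True)
        for name in PATH_PARAMS:
            if any(suspicious_path_value(v) for v in params.get(name, [])):
                return f"buffer-cgi-path-in-{name}"
    return None

def scan_log(lines):
    """Yield (line_number, label, target) for every flagged log line."""
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if m and (label := classify_request(m.group(1))):
            yield n, label, m.group(1)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [28/Feb/2003:10:01:02 +0000] "GET /jpg/quad.jpg HTTP/1.0" 200 8120',
    '10.0.0.7 - - [28/Feb/2003:10:01:09 +0000] "GET /support/messages HTTP/1.0" 200 4096',
    '10.0.0.9 - - [28/Feb/2003:10:02:11 +0000] "GET /axis-cgi/buffer/command.cgi'
    '?buffername=cam1&do=start&format=jpeg HTTP/1.0" 200 12',
    '10.0.0.9 - - [28/Feb/2003:10:02:30 +0000] "GET /axis-cgi/buffer/command.cgi'
    '?buffername=..%2F..%2Ftmp&do=start&format=x HTTP/1.0" 200 12',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Until a fixed firmware is available, the same two paths can also be blocked or restricted to trusted addresses at a reverse proxy in front of the camera, which removes the unauthenticated exposure rather than only alerting on it.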

SOLUTION

	None yet
