lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040119184622.6185ef9f.aluigi@altervista.org>
Date: Mon, 19 Jan 2004 18:46:22 +0000
From: Luigi Auriemma <aluigi@...ervista.org>
To: bugtraq@...urityfocus.com
Subject: Denial of service in Getware's built-in webserver (Webcam Live and
 Photohost)



#######################################################################

                             Luigi Auriemma

Application:  Getware's built-in webserver
              http://www.getware.com
Versions:     WebCam Live <= 2.01
              Photohost <= 4.0
Platforms:    Windows
Bug:          Denial of service
Risk:         medium
Exploitation: remote
Date:         19 Jan 2004
Author:       Luigi Auriemma
              e-mail: aluigi@...ervista.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


WebCam Live and Photohost are 2 shareware programs used to share webcam
streams and photo albums through the web.
The web functions are managed by a built-in webserver that is the same
for both the programs.


#######################################################################

======
2) Bug
======


The bug is in the management of the value of the Content-Length
parameter sent by the client to the built-in webserver.
If this value is negative (or major than 2147483647 that is the same)
the webserver will show an "Out of memory" MessageBox but will continue
to run without problems.

The problems arrive after less than 300 of these errors (so 300
connections with the value -1) when the server will crash definitely.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/wcamdos.zip


#######################################################################

======
4) Fix
======


No fix.
The vendor has not answered to my signalations.


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ