lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <4231F87C.6060804@securinews.com>
From: seclists at securinews.com (Paul Kurczaba)
Subject: Multiple Vulnerabilities of PY Software Active
	Webcam WebServer

It appers that the server does not use multithreading...

QUOTE START:
Before the administrator press "Cancel" or "Yes",the other request
will be paused,that means the other user cannt Access the HTTP
Server,thus leading to a Denial Of Service
QUOTE END

Sowhat . wrote:
> Multiple Vulnerabilities of PY Software Active Webcam WebServer
> 
> By Sowhat
> 04.Jan.2005
> http://secway.org/advisory/ad20050104.txt
> 
> 
> Product:
> PY Software Active Webcam 5.5
> 
> Vendor:
> PY Software, Inc. 
> 
> (1) Introduction
> Active WebCam is a popular shareware program for capturing video
> streams from video devices for Microsoft Windows platforms.
> For more information: www.pysoft.com
> 
> (2) Details:
> There are multiple vulnerabilities founded in Pysoft Active Webcam
> WebServer,including Denial of Service and Information Disclosure.
> 
> <1> Floppy Disk request Denial of Service
> 
> http://172.16.15.8:8080/A:\a.txt
> This request will force the webcam.exe to access the A:\a.txt,
> And if there is no floppy disk in the A: dirver, the system will popup
> a message like "There is no disk in the drive. Please insert a disk
> into drive A:  ".
> Before the administrator press "Cancel" or "Yes",the other request
> will be paused,that means the other user cannt Access the HTTP
> Server,thus leading to a Denial Of Service.
> 
> <2> Filelist.html Denial of service
> 
> http://172.16.15.8:8080/Filelist.html
> When requesting the filelist.html,the target's CPU usage will be
> 100%,and it seems that Explorer.exe use 95%,I dont know why :)
> 
> <3> Physical path Disclosure
> 
> http://172.16.15.8:8080/a
> The Server will return "The requested file: C:\Program Files\Active
> WebCam\images\a\ was not found."
> 
> <4> File Disclosure
> 
> The http server returns the different result between an existed file
> and a non-exsit file.
> http://172.16.15.8:8080/c:\nonexsit.txt
> the HTTP Server returns "Active WebCam cannot find this file"
> http://172.16.15.8:8080/c:\boot.ini
> the HTTP Server returns "HTTP 403 Forbiden"
> 
> Thus leading to System information disclosure ,and can be used to
> verify whether  some particular software is installed,for example :
> http://172.16.15.8:8080/C:\Snort\bin\snort.exe
> will disclosure whether a snort is installed on the server,and give
> more useful information to the attacker.
> 
> <5> Memory exhaust Denial of service
> 
> It seems that webcam http server cannt correctly release the memory
> and thus lead to a denial of service.
> Simply connect() and send() a http request,webcam.exe will eat at
> least 52k memory,and send the http request thousands times,the system
> will encounter a Memory exhaust.
> The webcam.exe will crash ,or the http server will automaticlly
> continuse restart
> The following information was found in System Event Log, 
> "Access violation at address 00402254 in module 'WebCam.exe'. Write of
> address FE171055."
> "Invalid pointer operation."
> 
> (3) Vendor Reply
> 
> Reported on 2005.03.05,No reply yet.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://www.secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ