| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 23 Jan 2009 10:46:48 -0500 From: "Castigliola, Angelo" <ACastigliola@...M.COM> To: "M.B.Jr." <marcio.barbado@...il.com>, "Secunia Research" <remove-vuln@...unia.com>, <full-disclosure@...ts.grok.org.uk> Subject: Re: Secunia Research: AXIS Camera Control"image_pan_tilt" Property Buffer Overflow There seems to be a lot of security problems with these camera systems being configured incorrectly by vendors setting them up for mom and pop shops and home users. It would be interesting to start looking into this particular problem more closely since nearly all of the camera systems have a web service front end and the manufactures are normally slow to patch and retro-patching camera systems that have already been deployed is rare. I'm considering creating a website to start listing these systems out along with any default logins, google searches, and of course remote and local exploits. I would imagine a lot of the web services are vulnerable to XSS techniques. The mail goal would be to establish a process for responsible disclosure to vendors and customers\public for these types of poorly secured systems. I would appreciate any information anyone may have handy. Send me an email offline. Thanks in advance, Angelo Castigliola III EISRM - Application Security Architecture Unum acastigliola@...m.com -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of M.B.Jr. Sent: Friday, January 23, 2009 9:33 AM To: Secunia Research Cc: full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Secunia Research: AXIS Camera Control"image_pan_tilt" Property Buffer Overflow So, concerning the exploitation achievement, which would be the worst consequence, forget about that heap memory overflow and just worry about tricking the user into loading malicious web content. Easier, huh? On Fri, Jan 23, 2009 at 6:59 AM, Secunia Research <remove-vuln@...unia.com> wrote: > ====================================================================== > > Secunia Research 23/01/2009 > > - AXIS Camera Control "image_pan_tilt" Property Buffer Overflow - > > ====================================================================== > ====================================================================== > 4) Description of Vulnerability > > The vulnerability is caused due to a boundary error in the > CamImage.CamImage.1 ActiveX control (AxisCamControl.ocx) and can be > exploited to cause a heap-based buffer overflow by assigning an overly > long string to the "image_pan_tilt" property. > > Successful exploitation allows execution of arbitrary code, but > requires that the user is tricked into visiting and clicking a > malicious web page. > > ====================================================================== -- Marcio Barbado, Jr. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists