Webcam Watchdog Web Interface Overflow

2004-01-05T09:21:08
ID OSVDB:3312
Type osvdb
Reporter OSVDB
Modified 2004-01-05T09:21:08

Description

Vulnerability Description

A remote overflow exists in Webcam Watchdog. The web interface fails to perform proper boundary checking, with a specially crafted request an attacker can trigger an overflow which may allow for arbitrary code execution resulting in a loss of confidentiality & integrity.

Technical Description

A boundary error in the web interface used for remote viewing can be exploited by sending an overly long HTTP GET request to it.

This flaw can be exploited regardless of whether the internal Webcam Watchdog web interface password protection is set or not.

Solution Description

Upgrade to version 3.64 or higher, as it has been reported to fix this vulnerability. However the vendor has not confirmed these findings. It is also possible to correct the flaw by implementing the following workaround(s): 1.) Restrict access to the web interface, allowing only trusted IP addresses to connect.

2.) Disable the remote viewing web interface.

Short Description

A remote overflow exists in Webcam Watchdog. The web interface fails to perform proper boundary checking, with a specially crafted request an attacker can trigger an overflow which may allow for arbitrary code execution resulting in a loss of confidentiality & integrity.

Manual Testing Notes

The following request would cause the saved base pointer to be overwritten with 42424242h, and the saved return address to be overwritten with 58585858h:

GET /('a'x234)('BBBB')('XXXX') HTTP/1.1 User-Agent: WCSAXRView Host: 127.0.0.1 Cache-Control: no-cache

References:

Secunia Advisory ID:10527 Other Advisory URL: http://www.elitehaven.net/webcamwatchdog.txt Generic Informational URL: http://www.webcamsoft.com/en/watchdog.html Generic Exploit URL: http://www.elitehaven.net/wcwdpoc.pl