Axis Network Camera Webserver File Creation

2003-02-28T03:46:12
ID OSVDB:4808
Type osvdb
Reporter Martin Eiszner (martin@websec.org)
Modified 2003-02-28T03:46:12

Description

Vulnerability Description

Axis Network Camera contains a flaw that may allow a malicious user to create arbitrary files. The issue is triggered when 'axis-cgi/buffer/command.cgi' is called with specific 'buffername' and 'format' parameters in the Web interface. The flaw may allow creation of arbitrary files, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): in '/etc/httpd/conf/boa.conf', change the lines referring to /axis-cgi/buffer/ from axview to axadmin.

Manual Testing Notes

http://[target]/axis-cgi/buffer/command.cgi?whatever params buffername=[relative path to directory] format=[relative path to arbitrary file name] will create [relative path to arbitrary file name] or [relative path to directory]
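A defender-side check for the request pattern above, added here as an example and not part of the original advisory: it scans web access log lines for calls to the buffer CGI whose 'buffername' or 'format' value decodes to something path-like. The Common Log Format input, the sample lines, and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# CGI path and parameter names are taken from the advisory text.
CGI_PATH = "/axis-cgi/buffer/command.cgi"
WATCHED_PARAMS = ("buffername", "format")

# Assumption: the camera or a fronting proxy logs in Common Log Format.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Feb/2003:03:46:12 +0000] "GET /axis-cgi/buffer/command.cgi'
    '?x=1&buffername=..%2Fexample-dir&format=..%2Fexample-file HTTP/1.0" 200 12',
    '192.0.2.11 - - [28/Feb/2003:03:47:00 +0000] "GET /axis-cgi/buffer/command.cgi'
    '?x=1&buffername=BUF1&format=jpeg HTTP/1.0" 200 12',
    '192.0.2.12 - - [28/Feb/2003:03:48:00 +0000] "GET /axis-cgi/jpg/image.cgi'
    '?buffername=..%2Fx HTTP/1.0" 200 5120',
]

def suspicious_params(target):
    """Return the watched parameters whose decoded value looks like a path."""
    parts = urlsplit(target)
    # Normalise the path: percent-decode, collapse repeated slashes, lowercase.
    path = re.sub(r"/+", "/", unquote(parts.path)).lower()
    if path != CGI_PATH:
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    hits = []
    for name in WATCHED_PARAMS:
        values = query.get(name, [])
        if any("/" in v or "\\" in v or ".." in v for v in values):
            hits.append(name)
    return hits

def scan(lines):
    """Return (source, status, flagged parameters) for each suspicious request."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        hits = suspicious_params(m.group("target"))
        if hits:
            findings.append((m.group("src"), m.group("status"), hits))
    return findings

if __name__ == "__main__":
    for src, status, hits in scan(SAMPLE_LOG):
        print(f"{src} status={status} path-like values in: {', '.join(hits)}")
```

A hit with a 200 status from a client that should only hold viewer rights is worth correlating with unexpected files on the device.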

References:

Vendor URL: http://www.axis.com
Vendor Specific Advisory URL
Secunia Advisory ID: 8217
Related OSVDB ID: 4806
Related OSVDB ID: 4807
Mail List Post: http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-02/0381.html