Netsnap Webcam Software Remote Overflow

2000-11-16T00:00:00
ID SECURITYVULNS:DOC:936
Type securityvulns
Reporter Securityvulns
Modified 2000-11-16T00:00:00

Description

Strumpf Noir Society Advisories ! Public release ! <--#

-= Netsnap Webcam Software Remote Overflow =-

Release date: Thursday, November 16, 2000

Introduction:

Netsnap is a webcam software package for Win95/98/NT/2k which in addition to filming and picture taking allows the user to directly publish his/her footage to the web. To do this, Netsnap is equiped with its own HTTP-server.

Netsnap can be found on vendor Pelesoft's Netsnap site, http://www.netsnap.com

Problem:

There's a problem in the handling of GET requests by named server. An unchecked buffer here can be overflowed by a string of approximately 342 bytes, effectively crashing the server and allowing the execution of arbitrary code.

(..)

Solution:

After discussing this issue with the vendor, Pelesoft have released version 1.2.9 of their Netsnap software, which eliminates the problem. Users are encouraged to obtain the new version asap.

yadayadayada

SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html) compliant, all information is provided on AS IS basis. EOF, but Strumpf Noir Society will return!