|Main Archive Page > Month Archives > full-disclosure-uk archives|
There seems to be a lot of security problems with these camera systems being configured incorrectly by vendors setting them up for mom and pop shops and home users. It would be interesting to start looking into this particular problem more closely since nearly all of the camera systems have a web service front end and the manufactures are normally slow to patch and retro-patching camera systems that have already been deployed is rare.
I'm considering creating a website to start listing these systems out along with any default logins, google searches, and of course remote and local exploits. I would imagine a lot of the web services are vulnerable to XSS techniques. The mail goal would be to establish a process for responsible disclosure to vendors and customers\public for these types of poorly secured systems.
I would appreciate any information anyone may have handy. Send me an email offline.
Thanks in advance,
Angelo Castigliola III
EISRM - Application Security Architecture Unum
From: firstname.lastname@example.org [mailto:email@example.com] On Behalf Of M.B.Jr. Sent: Friday, January 23, 2009 9:33 AM
To: Secunia Research
Subject: Re: [Full-disclosure] Secunia Research: AXIS Camera Control"image_pan_tilt" Property Buffer Overflow
So, concerning the exploitation achievement, which would be the worst
forget about that heap memory overflow and just worry about tricking the user into loading malicious web content.
On Fri, Jan 23, 2009 at 6:59 AM, Secunia Research
> Secunia Research 23/01/2009
> - AXIS Camera Control "image_pan_tilt" Property Buffer Overflow -
> 4) Description of Vulnerability
> The vulnerability is caused due to a boundary error in the
> CamImage.CamImage.1 ActiveX control (AxisCamControl.ocx) and can be
> exploited to cause a heap-based buffer overflow by assigning an overly
> long string to the "image_pan_tilt" property.
> Successful exploitation allows execution of arbitrary code, but
> requires that the user is tricked into visiting and clicking a
> malicious web page.
-- Marcio Barbado, Jr. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/