full-disclosure-uk January 2009 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] Secunia Research: AXIS

Re: [Full-disclosure] Secunia Research: AXIS Camera Control"image_pan_tilt" Property Buffer Overflow

From: Castigliola, Angelo <ACastigliola_at_nospam>
Date: Fri Jan 23 2009 - 15:46:48 GMT
To: "M.B.Jr." <marcio.barbado@gmail.com>, "Secunia Research" <remove-vuln@secunia.com>, <full-disclosure@lists.grok.org.uk>


There seems to be a lot of security problems with these camera systems being configured incorrectly by vendors setting them up for mom and pop shops and home users. It would be interesting to start looking into this particular problem more closely since nearly all of the camera systems have a web service front end and the manufactures are normally slow to patch and retro-patching camera systems that have already been deployed is rare.

I'm considering creating a website to start listing these systems out along with any default logins, google searches, and of course remote and local exploits. I would imagine a lot of the web services are vulnerable to XSS techniques. The mail goal would be to establish a process for responsible disclosure to vendors and customers\public for these types of poorly secured systems.

I would appreciate any information anyone may have handy. Send me an email offline.

Thanks in advance,
Angelo Castigliola III
EISRM - Application Security Architecture Unum
acastigliola@unum.com

-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of M.B.Jr. Sent: Friday, January 23, 2009 9:33 AM
To: Secunia Research
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Secunia Research: AXIS Camera Control"image_pan_tilt" Property Buffer Overflow

So, concerning the exploitation achievement, which would be the worst consequence,
forget about that heap memory overflow and just worry about tricking the user into loading malicious web content.

Easier, huh?

On Fri, Jan 23, 2009 at 6:59 AM, Secunia Research <remove-vuln@secunia.com> wrote:
> ======================================================================
>
> Secunia Research 23/01/2009
>
> - AXIS Camera Control "image_pan_tilt" Property Buffer Overflow -
>
> ======================================================================
> ======================================================================
> 4) Description of Vulnerability
>
> The vulnerability is caused due to a boundary error in the
> CamImage.CamImage.1 ActiveX control (AxisCamControl.ocx) and can be
> exploited to cause a heap-based buffer overflow by assigning an overly
> long string to the "image_pan_tilt" property.
>
> Successful exploitation allows execution of arbitrary code, but
> requires that the user is tricked into visiting and clicking a
> malicious web page.
>
> ======================================================================
-- Marcio Barbado, Jr. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/