SecurityTracker.com
SecurityTracker Archives
Category:  Device (Multimedia)  >  Axis Network Camera
Vendors:  Axis Communications
Axis Network Camera and Other Devices May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1005846
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Dec 22 2002
Impact:  Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): Axis 2100/2110/2120/2420 Network Camera (Firmware Release 2.33 and prior), Axis 2130 PTZ Network Camera (Firmware Release 2.32), Axis 2400/2401 Video Server (Firmware Release 2.33 and prior), Axis 2460 Network DVR (Firmware Release 3.00), Axis 2490 Serial Server (Firmware Release 2.10), Axis 250S MPEG-2 Video Server (Firmware Release 3.01)
Description:  A buffer overflow vulnerability was reported in the web authentication component of several Axis products, including the Axis Network Camera, Video Server, Network DVR, Serial Server, and MPEG-2 Video Server.

A remote user can connect to the web server component and supply a specially crafted request to trigger a potential stack buffer overflow. This could result in a server crash or execution of arbitrary code.

The flaw resides in the authentication code of the modified version of Boa (the web server) used in some of the embedded Linux based Axis products. According to the vendor's report, the flaw does not exist in the official Boa distribution available from <URL:http://www.boa.org/>.

No further details were provided.

Impact:  A remote user may be able to execute arbitrary code on the device.
Solution:  The vendor has released the following fixed firmware versions (fixed release number in parentheses). The developer platforms receive the fix as an updated Boa application package rather than a firmware image.

Axis 2100 Network Camera (2.33.1):

ftp://ftp.axis.com/pub_soft/cam_srv/cam_2100/sr/


Axis 2110 Network Camera (2.33.1):

ftp://ftp.axis.com/pub_soft/cam_srv/cam_2110/sr/


Axis 2120 Network Camera (2.33.1):

ftp://ftp.axis.com/pub_soft/cam_srv/cam_2120/sr/


Axis 2420 Network Camera (2.33.1):

ftp://ftp.axis.com/pub_soft/cam_srv/cam_2420/sr/


Axis 2130 PTZ Network Camera (2.32.1):

ftp://ftp.axis.com/pub_soft/cam_srv/cam_2130/sr/


Axis 2400 Video Server (2.33.1):

ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/


Axis 2401 Video Server (2.33.1):

ftp://ftp.axis.com/pub_soft/cam_srv/cam_2401/sr/


Axis 250S MPEG-2 Video Server (3.02 RC1):

ftp://ftp.axis.com/pub_soft/cam_srv/cam_250s/release_candidate/3_02/


Axis 2460 Network Digital Video Recorder (3.01):

ftp://ftp.axis.com/pub_soft/cam_srv/cam_2460/sr/


Axis 2490 Serial Server (2.11.1):

ftp://ftp.axis.com/pub_soft/cam_srv/cam_2490/sr/


Axis Developer Board LX:
Axis Device Server Platform:
Axis Developer Board for Bluetooth:

http://developer.axis.com/download/apps/apps-boa-R1_1_19-2_33_2.tgz

Vendor URL:  www.axis.com/
Cause:  Boundary error
Reported By:  Axis Product Security <product-security@axis.com>
Message History:   None.


 Source Message Contents

Date:  Fri, 20 Dec 2002 17:22:23 +0100
From:  Axis Product Security <product-security@axis.com>
Subject:  Web server vulnerability in Axis Network Cameras, Video Servers and DVRs

 

Date: 20 December 2002


1. Topic

Web server vulnerability in Axis Network Cameras, Video Servers and 
Network Digital Video Recorders.


2. Description

A potential stack buffer overflow has been found in the authentication 
code of the modified version of Boa used in some of the embedded 
Linux based Axis products, which may result in DoS attacks, or in a 
potential system compromise. 

Note: this vulnerability is not present in the official boa distribution
available from <URL:http://www.boa.org/>.


3. Affected products

Axis 2100/2110/2120/2420 Network Camera - Firmware Release 2.33 and
below
Axis 2130 PTZ Network Camera - Firmware Release 2.32
Axis 2400/2401 Video Server - Firmware Release 2.33 and below
Axis 2460 Network DVR - Firmware Release 3.00
Axis 2490 Serial Server - Firmware Release 2.10
Axis 250S MPEG-2 Video Server - Firmware Release 3.01


4. Solution

The part of the authentication code where the buffer overflow may arise 
has been corrected and is included in new firmware releases for all 
affected products.


5. Releases

Axis 2100 Network Camera (2.33.1)
 - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2100/sr/

Axis 2110 Network Camera (2.33.1) 
 - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2110/sr/

Axis 2120 Network Camera (2.33.1) 
 - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2120/sr/

Axis 2420 Network Camera (2.33.1) 
 - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2420/sr/

Axis 2130 PTZ Network Camera (2.32.1) 
 - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2130/sr/

Axis 2400 Video Server (2.33.1) 
 - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/

Axis 2401 Video Server (2.33.1) 
 - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2401/sr/

Axis 250S MPEG-2 Video Server (3.02 RC1) 
 - ftp://ftp.axis.com/pub_soft/cam_srv/cam_250s/release_candidate/3_02/

Axis 2460 Network Digital Video Recorder (3.01) 
 - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2460/sr/

Axis 2490 Serial Server (2.11.1) 
 - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2490/sr/

Axis Developer Board LX 
Axis Device Server Platform
Axis Developer Board for Bluetooth
 - http://developer.axis.com/download/apps/apps-boa-R1_1_19-2_33_2.tgz


6. Acknowledgement


Thanks to D.C. van Moolenbroek (dcvmoole@cs.vu.nl) and M.C. Schrijver 
(m.c.schrijver@student.utwente.nl) for disclosing this
vulnerability to Axis Communications AB.
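The bug class named in the Description above and in section 2 of the Axis message is a fixed-size stack buffer that receives attacker-controlled data from the web server's authentication path. The C below is an added illustrative example, not code from Axis or from the Boa project, and it does not reproduce the actual defect (the advisory gives no details of it). It assumes the classic HTTP Basic scheme: `decode_auth_unsafe` shows the unbounded-decode pattern that produces a stack overflow, and `parse_basic_auth` shows the bounded form. The field sizes, function names and the sample header values are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Field sizes assumed for this example; not taken from Axis firmware. */
#define USER_MAX 32
#define PASS_MAX 32
typedef struct { char user[USER_MAX]; char pass[PASS_MAX]; } basic_cred;

/* One base64 alphabet character to its 6-bit value, -1 if not in the alphabet. */
static int b64val(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode base64 into out (stops at '=' or end of string).  Returns bytes written,
 * or -1 on a bad character or when the output would exceed out_cap: that bound
 * is exactly what the unsafe caller below switches off. */
long b64_decode(const char *in, unsigned char *out, size_t out_cap)
{
    unsigned int acc = 0;
    int bits = 0;
    size_t n = 0;
    for (; *in != '\0' && *in != '='; in++) {
        int v = b64val((unsigned char)*in);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= out_cap) return -1;    /* refuse to write past the caller's buffer */
            out[n++] = (unsigned char)((acc >> bits) & 0xff);
        }
    }
    return (long)n;
}

/* UNSAFE pattern, for contrast only (the bug class, not Axis's or Boa's code):
 * the header value is decoded into a 64-byte stack buffer with no bound, so a
 * value that decodes to more than 64 bytes overwrites the stack above buf.
 * Never call this on untrusted input. */
long decode_auth_unsafe(const char *value)
{
    unsigned char buf[64];
    if (strncmp(value, "Basic ", 6) != 0) return -1;
    return b64_decode(value + 6, buf, (size_t)-1);  /* "no limit": writes past buf */
}

/* Hardened parser: every write is bounded by its destination, the decoded bytes
 * are NUL-terminated before any string function sees them, embedded NULs are
 * rejected, and field lengths are checked before copying.  0 on success, -1 otherwise. */
int parse_basic_auth(const char *value, basic_cred *c)
{
    unsigned char buf[USER_MAX + PASS_MAX];         /* "user:pass" plus NUL */
    char *colon;
    size_t ulen, plen;
    long n;
    if (strncmp(value, "Basic ", 6) != 0) return -1;
    n = b64_decode(value + 6, buf, sizeof buf - 1); /* leave room for the NUL */
    if (n < 0) return -1;
    if (memchr(buf, '\0', (size_t)n) != NULL) return -1;
    buf[n] = '\0';
    colon = strchr((char *)buf, ':');
    if (colon == NULL) return -1;
    ulen = (size_t)(colon - (char *)buf);
    plen = (size_t)n - ulen - 1;
    if (ulen >= USER_MAX || plen >= PASS_MAX) return -1;
    memcpy(c->user, buf, ulen);  c->user[ulen] = '\0';
    memcpy(c->pass, colon + 1, plen);  c->pass[plen] = '\0';
    return 0;
}

/* Constructed inputs for a stand-alone run (not captured traffic). */
int demo_valid(void)             /* "dXNlcjpzZWNyZXQ=" is "user:secret" */
{
    basic_cred c;
    if (parse_basic_auth("Basic dXNlcjpzZWNyZXQ=", &c) != 0) return 0;
    return strcmp(c.user, "user") == 0 && strcmp(c.pass, "secret") == 0;
}

int demo_oversized(void)         /* 400 base64 chars decode to 300 bytes */
{
    char hdr[6 + 400 + 1];
    basic_cred c;
    memcpy(hdr, "Basic ", 6);
    memset(hdr + 6, 'A', 400);
    hdr[406] = '\0';
    return parse_basic_auth(hdr, &c);   /* -1: rejected rather than overflowed */
}

int main(void)
{
    printf("valid credential parsed: %s\n", demo_valid() ? "yes" : "no");
    printf("oversized header: %s\n", demo_oversized() == 0 ? "accepted" : "rejected");
    return 0;
}
```

The point of the contrast is the single `out_cap` check in the decoder: the unsafe caller passes `(size_t)-1` and so trusts the remote client to keep the decoded header under 64 bytes, which is the failure the advisory describes as a crash or code execution. The hardened parser makes the buffer size the limit and rejects anything larger before any write happens, and a rejected request should be logged, since an oversized Basic header against an embedded device is rarely a typo.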

 



Copyright 2002, SecurityGlobal.net LLC