Web server vulnerability in Axis Network Cameras, Video Servers and DVRs

From: Axis Product Security (product-securityat_private)
Date: Fri Dec 20 2002 - 08:22:23 PST

    Date: 20 December 2002
    
    
    1. Topic
    
    Web server vulnerability in Axis Network Cameras, Video Servers and 
    Network Digital Video Recorders.
    
    
    2. Description
    
    A stack buffer overflow has been found in the authentication code of 
    the modified version of the Boa web server used in some of the embedded 
    Linux-based Axis products. It may be used for DoS attacks and may 
    potentially lead to a system compromise. 
    
    Note: this vulnerability is not present in the official Boa distribution
    available from <URL:http://www.boa.org/>.
    
    
    3. Affected products
    
    Axis 2100/2110/2120/2420 Network Camera - Firmware Release 2.33 and
    below
    Axis 2130 PTZ Network Camera - Firmware Release 2.32
    Axis 2400/2401 Video Server - Firmware Release 2.33 and below
    Axis 2460 Network DVR - Firmware Release 3.00
    Axis 2490 Serial Server - Firmware Release 2.10
    Axis 250S MPEG-2 Video Server - Firmware Release 3.01
    
    
    4. Solution
    
    The part of the authentication code where the buffer overflow may arise 
    has been corrected and is included in new firmware releases for all 
    affected products.
    
    
    5. Releases
    
    Axis 2100 Network Camera (2.33.1)
     - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2100/sr/
    
    Axis 2110 Network Camera (2.33.1) 
     - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2110/sr/
    
    Axis 2120 Network Camera (2.33.1) 
     - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2120/sr/
    
    Axis 2420 Network Camera (2.33.1) 
     - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2420/sr/
    
    Axis 2130 PTZ Network Camera (2.32.1) 
     - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2130/sr/
    
    Axis 2400 Video Server (2.33.1) 
     - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/
    
    Axis 2401 Video Server (2.33.1) 
     - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2401/sr/
    
    Axis 250S MPEG-2 Video Server (3.02 RC1) 
     - ftp://ftp.axis.com/pub_soft/cam_srv/cam_250s/release_candidate/3_02/
    
    Axis 2460 Network Digital Video Recorder (3.01) 
     - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2460/sr/
    
    Axis 2490 Serial Server (2.11.1) 
     - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2490/sr/
    
    Axis Developer Board LX 
    Axis Device Server Platform
    Axis Developer Board for Bluetooth
     - http://developer.axis.com/download/apps/apps-boa-R1_1_19-2_33_2.tgz
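    The following is an added triage helper, not part of the Axis advisory, that encodes the affected-product table of section 3 and the fixed firmware releases of section 5 so that a device inventory can be checked against them. Where the advisory says "and below", every older release is flagged; where it names a single release, only that release is flagged and other older releases are marked for review rather than assumed safe. The hostnames and firmware versions in SAMPLE are constructed for illustration.

```python
import re

# Affected and fixed firmware releases as listed in the advisory.
# Tuple: (affected release, True if "and below", fixed release).
ADVISORY = {
    "2100": ("2.33", True,  "2.33.1"),
    "2110": ("2.33", True,  "2.33.1"),
    "2120": ("2.33", True,  "2.33.1"),
    "2420": ("2.33", True,  "2.33.1"),
    "2130": ("2.32", False, "2.32.1"),
    "2400": ("2.33", True,  "2.33.1"),
    "2401": ("2.33", True,  "2.33.1"),
    "2460": ("3.00", False, "3.01"),
    "2490": ("2.10", False, "2.11.1"),
    "250S": ("3.01", False, "3.02 RC1"),
}

_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)\s*(?:RC\s*(\d+))?\s*$", re.IGNORECASE)


def version_key(text):
    """Turn '2.33', '2.33.1' or '3.02 RC1' into a comparable tuple.
    Numeric fields are zero-padded to three; a release candidate sorts
    before the final release carrying the same number."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))
    rc = m.group(2)
    pre = (0, int(rc)) if rc else (1, 0)
    return tuple(nums[:3]) + pre


def assess(model, firmware):
    """Classify one device against the advisory.
    Returns 'ok' (at or above the fixed release), 'update' (listed as
    affected), 'review' (model listed, but this older release is not
    named by the advisory) or 'unlisted' (model not in the advisory)."""
    entry = ADVISORY.get(model.upper())
    if entry is None:
        return "unlisted"
    affected, and_below, fixed = entry
    v = version_key(firmware)
    if v >= version_key(fixed):
        return "ok"
    if and_below and v <= version_key(affected):
        return "update"
    if v == version_key(affected):
        return "update"
    return "review"


def triage(inventory):
    """inventory: iterable of (hostname, model, firmware) tuples."""
    return [(host, model, fw, assess(model, fw)) for host, model, fw in inventory]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("cam-lobby", "2100", "2.31"),
    ("cam-lab",   "2120", "2.33.1"),
    ("cam-gate",  "2130", "2.32"),
    ("vs-rack1",  "2400", "2.33"),
    ("dvr-1",     "2460", "3.00"),
    ("vs-mpeg",   "250S", "3.02 RC1"),
    ("cam-old",   "2490", "2.09"),
]

if __name__ == "__main__":
    for host, model, fw, status in triage(SAMPLE):
        print(f"{host:10} Axis {model:5} {fw:9} -> {status}")
```

    Devices reported as "update" should be moved to the release listed in section 5; "review" means the firmware predates the one release the advisory names, so confirm its status with the vendor rather than treating it as patched.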
    
    
    6. Acknowledgement
    
    Thanks to D.C. van Moolenbroek (dcvmooleat_private) and M.C. Schrijver 
    (m.c.schrijverat_private) for disclosing this vulnerability to 
    Axis Communications AB.
    



    This archive was generated by hypermail 2b30 : Fri Dec 20 2002 - 19:57:36 PST