[17665] in bugtraq
Netsnap Webcam Software Remote Overflow
daemon@ATHENA.MIT.EDU (SNS Research)
Thu Nov 16 12:54:45 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <3A1318D6.5BF2F987@greyhack.com>
Date: Thu, 16 Nov 2000 00:14:31 +0100
Reply-To: SNS Research <vuln-dev@GREYHACK.COM>
From: SNS Research <vuln-dev@GREYHACK.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Strumpf Noir Society Advisories
! Public release !
<--#
-= Netsnap Webcam Software Remote Overflow =-
Release date: Thursday, November 16, 2000
Introduction:
Netsnap is a webcam software package for Win95/98/NT/2k which in
addition to filming and picture taking allows the user to directly
publish his/her footage to the web. To do this, Netsnap is equiped with
its own HTTP-server.
Netsnap can be found on vendor Pelesoft's Netsnap site,
http://www.netsnap.com
Problem:
There's a problem in the handling of GET requests by named server. An
unchecked buffer here can be overflowed by a string of approximately 342
bytes, effectively crashing the server and allowing the execution of
arbitrary code.
(..)
Solution:
After discussing this issue with the vendor, Pelesoft have released
version 1.2.9 of their Netsnap software, which eliminates the problem.
Users are encouraged to obtain the new version asap.
yadayadayada
SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.
EOF, but Strumpf Noir Society will return!
