SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   wMCam Server Vendors:   Invicta
wMCam Server Lets Remote Users Deny Service With Many Connections
SecurityTracker Alert ID:  1009367
SecurityTracker URL:  http://securitytracker.com/id/1009367
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 10 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.1.348
Description:   Donato Ferrante reported a vulnerability in wMCam Server. A remote user can cause the server to stop accepting new connections.

It is reported that a remote user can open approximately 300 connections with a small amount of data sent (but not an HTTP GET request) over each connection to cause the service to fail to accept new connections. According to the report, the current connections will continue to be serviced.

Impact:   A remote user can cause the target web camera service to stop accepting connections.
Solution:   The vendor has released a fixed version (2.1.354), available at:

http://www.invicta.se/html/download.htm

Vendor URL:  www.invicta.se/html/products.htm (Links to External Site)
Cause:   Resource error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  http://www.autistici.org/fdonato/advisory/wMCamServer2.1.348-adv.txt


                            Donato Ferrante


Application:  wMCam server
               http://www.invicta.se

Version:      2.1.348

Bug:          Denial Of Service

Author:       Donato Ferrante
               e-mail: fdonato@autistici.org
               web:    www.autistici.org/fdonato


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bug
3. The code
4. The fix


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"wMCam server turns your computer into a Webcam Server."



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
2. The bug:
------------

The server is not able to manage a lot of not regular connections, in
fact it will stay up but it will not accept new connections.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerability establish about 300 connections with the
server and send for each of these a little amount of data like:

"test_string"


NOTE: the data sent to the server must not contain the 'GET'.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Bug fixed in the version 2.1.354.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC