what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ISS Vulnerability Alert September 1, 1998

ISS Vulnerability Alert September 1, 1998
Posted Sep 4, 1998

There is a vulnerability present in Kolban's Webcam32 v4.5.1 to v4.8.3 beta 3. This vulnerability allows a remote attacker to overflow a buffer that can result in crashing the Webcam32 software, or more seriously to execute code on the system running Webcam32. This allows complete control over a Windows 95/98 system, and user level access to a Windows NT system.

SHA-256 | be3182af3f96ce9bd866967a2e39161d8ed6d0d76033df24df0860d2cd8d8da0

ISS Vulnerability Alert September 1, 1998

Change Mirror Download

From xforce@iss.net Tue Sep 1 18:00:18 1998
From: X-Force <xforce@iss.net>
To: alert@iss.net
Cc: X-Force <xforce@iss.net>
Date: Tue, 1 Sep 1998 13:31:02 -0400 (EDT)
Subject: ISSalert: ISS Vulnerability Alert: Remote Buffer Overflow in the Kolban Webcam32 Program

-----BEGIN PGP SIGNED MESSAGE-----

ISS Vulnerability Alert
September 1, 1998


Remote Buffer Overflow in the Kolban Webcam32 Program

Synopsis:

There is a vulnerability present in Kolban's Webcam32 v4.5.1 to v4.8.3
beta 3. This vulnerability allows a remote attacker to overflow a
buffer that can result in crashing the Webcam32 software, or more
seriously to execute code on the system running Webcam32. This allows
complete control over a Windows 95/98 system, and user level access to
a Windows NT system.


Recommended Action:

Users should upgrade to webcam32 4.8.3 (or newer).

Registered users can download a fixed version of Webcam32 from:
http://www.kolban.com/webcam32/registered/Default.htm
The password to this site is provided as part of the software registration
process for this software.

Unregistered users can download a fixed version of Webcam32 from:
http://www.kolban/com/webcam32/

Network administrators can protect internal machines from an external
attack by filtering all incoming connections to TCP port 25867.


Determining If You Are Vulnerable:

If you are running Webcam32 by Neil Kolban, go to the Help menu and select
'About webcam32'. If the version number is between v4.5.1 and v4.8.3 beta
3, inclusive, your system is vulnerable to this attack.

Network administrators should scan their network for systems listening to
TCP port 25867. Systems listening on this port are likely to be
vulnerable to this attack, although new versions of Webcam32 with the
remote administration feature explicitly enabled on the default port may
also be listening and are not vulnerable.


Description:

The Webcam32 software acts as a stand-alone web server to present
a real-time video feed to a standard web browser. Part of this web server
contains a remote administration feature that allows configuration via
a web browser. The remote administration feature fails to properly check
the input size, allowing a remote attacker to craft a URL that will
overflow an internal buffer on the stack.

Buffer overflows are easily exploited to crash the software containing the
overflow. An experienced attacker can construct (and distribute) an
exploit that will execute arbitrary code on the remote system. Although
this serious attack is less frequently seen on Windows than on Unix
systems, detailed instructions on how to construct this attack for a
Windows application has been distributed by a well-known hacker group.

ISS X-Force expects to see code execution type buffer overflow exploits
on Windows more widely available in the future. As a consequence,
administrators should be especially vigilant in correcting buffer overflow
vulnerabilities.


Additional Information:

This security issue was discovered by David Meltzer (davem@iss.net) of ISS
X-Force. ISS X-Force would like to thank Neil Kolban for his response and
handling of this vulnerability.

_________

Copyright (c) 1998 by Internet Security Systems, Inc.

ISS vulnerability reports are public notifications of vulnerabilities
discovered and researched by the ISS X-Force that have a smaller scope of
impact than vulnerabilities published in an ISS Advisory. Although this
vulnerability is very serious, there is only a small number of vulnerable
systems, limiting the impact this vulnerability may have upon the Internet
as a whole.

Permission is hereby granted for the redistribution of this Vulnerability
Report electronically. It is not to be edited in any way without express
consent of X-Force. If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.

X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html as
well as on MIT's PGP key server and PGP.com's key server.

X-Force Vulnerability and Threat Database: http://www.iss.net/xforce

Please send suggestions, updates, and comments to:
X-Force <xforce@iss.net> of Internet Security Systems, Inc.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBNewuojRfJiV99eG9AQGGlgP/YonsdjL94sFCSOgDyMHKZQGCF8UqDUp6
ybO0mdBLdLn92Z+fBubCA1o20thRx+zw0jEuITB+6rnSyFQw6HaZS1rdMETlH33x
4CWbtrh8vydGbMSleuXAnu9zURMS9q/Ey58/+bqIgqHRqUmDCoqA0zc/eC0SUR7s
rVh5QoSiwaE=
=Pj87
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close