TITLE:
Active Webcam Denial of Service and Local File Detection

SECUNIA ADVISORY ID:
SA14553

VERIFY ADVISORY:
http://secunia.com/advisories/14553/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, DoS

WHERE:
From remote

SOFTWARE:
Active Webcam 5.x
http://secunia.com/product/4771/

DESCRIPTION:
Sowhat has reported two vulnerabilities and a weakness in Active
Webcam, which can be exploited by malicious people to cause a DoS
(Denial of Service) and detect the presence of local files.

1) An input validation error can be exploited to cause a vulnerable
server to become inaccessible by requesting a specially crafted file.

Example:
http://[victim]:8080/A:\a.txt

The vulnerability has been confirmed in version 5.5. Other versions
may also be affected.

2) Different error messages are returned to users depending on whether
a given file exists or not. This can be exploited to detect the
presence of local files.

Example:
http://[victim]:8080/c:\test.txt

It is also possible to disclose the full installation path by
requesting a non-existing file.

The weakness has been confirmed in version 5.5. Other versions may
also be affected.

3) An error in the HTTP communication handling can be exploited to
crash a vulnerable service by sending a large number of HTTP requests
(more than 1000).

The vulnerability has been reported in version 5.5. Other versions may
also be affected.

SOLUTION:
Filter traffic to the HTTP server or use another product.

PROVIDED AND/OR DISCOVERED BY:
Sowhat

ORIGINAL ADVISORY:
http://secway.org/advisory/ad20050104.txt
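Added example, not part of the Secunia advisory or of Active Webcam: a log check a defender could run behind the traffic filter recommended under SOLUTION. It flags requests whose path carries a Windows drive-letter path (items 1 and 2) and clients that exceed the 1000-request figure from item 3. The Common Log Format input, the function names and the sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: Common Log Format lines written by a filtering proxy in front of the server.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# A drive letter, ':' and a slash or backslash at the start of a path segment.
DRIVE_PATH = re.compile(r'(?:^|[/\\])[A-Za-z]:[/\\]')
FLOOD_THRESHOLD = 1000  # the advisory reports a crash after more than 1000 requests


def decode(target):
    """Percent-decode repeatedly (bounded) so %5C and %255C both become a backslash."""
    for _ in range(3):
        nxt = unquote(target)
        if nxt == target:
            break
        target = nxt
    return target


def analyse(lines, flood_threshold=FLOOD_THRESHOLD):
    """Return (drive_path_hits, flooding_clients) for an iterable of log lines."""
    hits, per_client = [], Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, _method, target, _status = m.groups()
        per_client[client] += 1
        path = decode(target.split('?', 1)[0])
        if DRIVE_PATH.search(path):
            hits.append((client, path))
    flooders = sorted(c for c, n in per_client.items() if n > flood_threshold)
    return hits, flooders


# Constructed sample log (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Mar/2005:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.77 - - [01/Mar/2005:10:00:01 +0000] "GET /c:\\test.txt HTTP/1.0" 404 0',
    '192.0.2.77 - - [01/Mar/2005:10:00:02 +0000] "GET /A:%5Ca.txt HTTP/1.0" 404 0',
] + ['198.51.100.5 - - [01/Mar/2005:10:01:00 +0000] "GET / HTTP/1.0" 200 10'] * 1001

if __name__ == '__main__':
    found, flooders = analyse(SAMPLE)
    print(found, flooders)
```

The same pattern can serve as a deny rule on the filtering proxy, so that drive-letter paths never reach the webcam server.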