[Full-Disclosure] Axis Network Camera and Video Server Security Advisory

Subject: [Full-Disclosure] Axis Network Camera and Video Server Security Advisory
Date: Tue, 31 Aug 2004 17:23:57 +0200

1. Topic

Security issues have been identified that allow an attacker to
compromise Axis Network Cameras, Video Servers, Serial Servers and
Network Digital Video Recorders.

2. Description

The first issue allows arbitrary shell command execution via HTTP
requests due to erroneous shell command and parameter expansion.

The second issue allows circumvention of HTTP authentication when
accessing the ServerManager.srv administrative resource. This allows a
remote attacker to modify configuration settings nominally requiring
administrative privileges.

Reference BugTraq id 11011. http://www.securityfocus.com/bid/11011

Note that the StorPoint CD-E100 hardcoded password vulnerability also
reported was fixed in firmware release 5.33 issued November 12,
2001. Please see
ftp://ftp.axis.com/pub_soft/cd_srv/cde_100/5_33/cde100_533.txt for
further details.

3. Affected products

Axis 2100/2110/2120/2420/2130 Network Camera - Firmware Release 2.40 and
below
Axis 2400+/2401+/2411 Video Server - Firmware Release 3.12 and below
Axis 2460 Network DVR - Firmware Release 3.11 and below
Axis 2490 Serial Server - Firmware Release 2.11.3 and below
Axis 230 MPEG-2 Network Camera - Firmware Release 3.11 and below
Axis 250S MPEG-2 Video Server - Firmware Release 3.10 and below
Axis 2400/2401 Video Server - Firmware Release 2.34 and below

4. Solution

The vulnerable applications have been corrected and are included in new
firmware releases for all affected products.

5. Releases

Release candidates for the corrected firmware releases are available
for download now. Production releases will be available shortly.

Axis 2100 Network Camera (2.42)
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2100/release_candidate/2_42/

Axis 2110 Network Camera (2.42)
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2110/release_candidate/2_42/

Axis 2120 Network Camera (2.42) 
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2120/release_candidate/2_42/

Axis 2420 Network Camera (2.42) 
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2420/release_candidate/2_42/

Axis 2130 PTZ Network Camera (2.42) 
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2130/release_candidate/2_42/

Axis 2400+ Video Server (3.13) 
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400p/release_candidate/3_13/

Axis 2400+ Blade Video Server (3.13) 
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400pb/release_candidate/3_13/

Axis 2401+ Video Server (3.13) 
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2401p/release_candidate/3_13/

Axis 2401+ Blade Video Server (3.13) 
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2401pb/release_candidate/3_13/

Axis 2411 Video Server (3.13)
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2411/release_candidate/3_13/

Axis 2460 Network Digital Video Recorder (3.13)
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2460/release_candidate/3_13/

Axis 2490 Serial Server (2.12) 
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2490/release_candidate/2_12/

Axis 230 MPEG-2 Network Camera (3.20)
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_230/release_candidate/3_20/

Axis 250S MPEG-2 Video Server (3.20) 
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_250s/release_candidate/3_20/

Axis 2400 Video Server (2.34.1) 
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/2_34_1/

Axis 2401 Video Server (2.34.1) 
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2401/sr/2_34_1/
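
For triaging a device inventory against the table in section 3, the following is an added example (not part of the original advisory and not Axis code). The inventory rows, host names and the `triage`/`report` helpers are constructed for illustration; Blade variants are assumed to follow their base model, since section 5 lists the same fixed release for both.

```python
import re

# Highest vulnerable firmware release per model, transcribed from section 3
# of the advisory ("Firmware Release <x> and below").
AFFECTED = {
    "2100": "2.40", "2110": "2.40", "2120": "2.40", "2420": "2.40", "2130": "2.40",
    "2400+": "3.12", "2401+": "3.12", "2411": "3.12",
    "2460": "3.11", "2490": "2.11.3", "230": "3.11", "250S": "3.10",
    "2400": "2.34", "2401": "2.34",
}

def parse_version(text):
    """Turn '2.34.1' into (2, 34, 1) so releases compare numerically."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised firmware release: {text!r}")
    return tuple(int(part) for part in text.split("."))

def triage(model, firmware):
    """Return 'affected', 'not affected' or 'not listed' for one device."""
    tokens = model.upper().split()
    if tokens and tokens[0] == "AXIS":
        tokens = tokens[1:]
    # Assumption: the first token is the model key, so "2400+ Blade" -> "2400+".
    key = tokens[0] if tokens else ""
    if key not in AFFECTED:
        return "not listed"
    fw, limit = parse_version(firmware), parse_version(AFFECTED[key])
    # Pad to equal length so 2.34 and 2.34.0 compare as the same release.
    width = max(len(fw), len(limit))
    fw += (0,) * (width - len(fw))
    limit += (0,) * (width - len(limit))
    return "affected" if fw <= limit else "not affected"

# Constructed sample inventory: (host, model string, installed firmware).
INVENTORY = [
    ("lobby-cam", "Axis 2100", "2.40"),
    ("dock-cam", "AXIS 2120", "2.42"),
    ("encoder-1", "Axis 2400", "2.34.1"),
    ("encoder-2", "Axis 2400+ Blade", "3.12"),
    ("serial-gw", "Axis 2490", "2.11.3"),
    ("unknown-1", "Axis 9999", "1.0"),  # hypothetical model, not in the advisory
]

def report(inventory):
    return {host: triage(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```

"not affected" here only means the release is above the range listed in section 3; "not listed" devices need checking against other advisories.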


  • [Full-Disclosure] Axis Network Camera and Video Server Security Advisory, product-security <=