PDA

Bekijk Volledige Versie : Web server vulnerability in Axis Network Cameras, Video Servers and DVRs



Axis Product Security
21/12/02, 01:01
Date: 20 December 2002


1. Topic

Web server vulnerability in Axis Network Cameras, Video Servers and
Network Digital Video Recorders.


2. Description

A potential stack buffer overflow has been found in the authentication
code of the modified version of Boa used in some of the embedded
Linux based Axis products, which may result in DoS attacks, or in a
potential system compromise.

Note: this vulnerability is not present in the official boa distribution
available from <URL:http://www.boa.org/>.


3. Affected products

Axis 2100/2110/2120/2420 Network Camera - Firmware Release 2.33 and
below
Axis 2130 PTZ Network Camera - Firmware Release 2.32
Axis 2400/2401 Video Server - Firmware Release 2.33 and below
Axis 2460 Network DVR - Firmware Release 3.00
Axis 2490 Serial Server - Firmware Release 2.10
Axis 250S MPEG-2 Video Server - Firmware Release 3.01


4. Solution

The part of the authentication code where the buffer overflow may arise
has been corrected and is included in new firmware releases for all
affected products.


5. Releases

Axis 2100 Network Camera (2.33.1)
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2100/sr/

Axis 2110 Network Camera (2.33.1)
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2110/sr/

Axis 2120 Network Camera (2.33.1)
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2120/sr/

Axis 2420 Network Camera (2.33.1)
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2420/sr/

Axis 2130 PTZ Network Camera (2.32.1)
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2130/sr/

Axis 2400 Video Server (2.33.1)
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/

Axis 2401 Video Server (2.33.1)
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2401/sr/

Axis 250S MPEG-2 Video Server (3.02 RC1)
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_250s/release_candidate/3_02/

Axis 2460 Network Digital Video Recorder (3.01)
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2460/sr/

Axis 2490 Serial Server (2.11.1)
- ftp://ftp.axis.com/pub_soft/cam_srv/cam_2490/sr/

Axis Developer Board LX
Axis Device Server Platform
Axis Developer Board for Bluetooth
- http://developer.axis.com/download/apps/apps-boa-R1_1_19-2_33_2.tgz


6. Acknowledgement


Thanks to D.C. van Moolenbroek (dcvmoole@cs.vu.nl) and M.C. Schrijver
(m.c.schrijver@student.utwente.nl) for disclosing this
vulnerability to Axis Communications AB.