CVE-2008-2654

Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572	Exploit
http://marc.info/?l=oss-security&m=121311577731820&w=2
http://marc.info/?l=oss-security&m=121314089321816&w=2
http://marc.info/?l=oss-security&m=121314329424538&w=2	Exploit
http://marc.info/?l=oss-security&m=121314471626034&w=2
http://secunia.com/advisories/30544	Vendor Advisory
http://secunia.com/advisories/30864
http://security.gentoo.org/glsa/glsa-200807-02.xml
http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x10/webhttpd-security.diff	Exploit
http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x9/webhttpd-security-video2-backport.diff	Exploit
http://www.securityfocus.com/bid/29636	Patch
http://www.vupen.com/english/advisories/2008/1796
https://exchange.xforce.ibmcloud.com/vulnerabilities/42979

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:lavrsen:motion::::::::
	cpe:2.3:a:lavrsen:motion:3.1.17:::::::*
	cpe:2.3:a:lavrsen:motion:3.1.18:::::::*
	cpe:2.3:a:lavrsen:motion:3.1.19:::::::*
	cpe:2.3:a:lavrsen:motion:3.1.20:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.1:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.2:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.3:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.4:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.5:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.6:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.7:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.8:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.9:::::::*

History

No history.

Information

Published : 2008-06-13 18:41

Updated : 2017-08-08 01:31

NVD link : CVE-2008-2654

Mitre link : CVE-2008-2654

CVE.ORG link : CVE-2008-2654

JSON object : View

Products Affected

lavrsen

motion

CWE

CWE-189

Numeric Errors

{"id": "CVE-2008-2654", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-06-13T18:41:00.000", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=oss-security&m=121311577731820&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=oss-security&m=121314089321816&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=oss-security&m=121314329424538&w=2", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=oss-security&m=121314471626034&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30544", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30864", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200807-02.xml", "source": "cve@mitre.org"}, {"url": "http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x10/webhttpd-security.diff", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x9/webhttpd-security-video2-backport.diff", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29636", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1796", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42979", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler."}, {"lang": "es", "value": "Error de superaci\u00f3n del l\u00edmite (off-by-one) en la funci\u00f3n read_client en webhttpd.c en Motion 3.2.10 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n larga al interfaz Motion HTTP Control, que dispara un desbordamiento de b\u00fafer basado en pila en algunas combinaciones de arquitectura de procesador y compilador."}], "lastModified": "2017-08-08T01:31:12.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lavrsen:motion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EBD0F21-2FB6-4388-AE60-6F08B7F66BB7", "versionEndIncluding": "3.2.10"}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.1.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D147C1E-A7CC-4C2D-A737-F8B3B385A70D"}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.1.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB41C1E0-6D13-4866-A8DC-9FC96FE963D4"}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.1.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B63526C3-4163-47B5-890C-414E9C0BB30E"}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.1.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D536002E-9A4F-4586-9FA9-6F30BE90885E"}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E277E868-851C-4462-AB0F-E2153F0C7F09"}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1910DE64-CDD2-46F8-A8AE-0FD64F7D58E7"}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39EBADC9-B374-4FAD-BB32-987D03849911"}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72E7C90C-A1A7-4466-AB7F-58B0A412D9C4"}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28575000-61BD-4477-B16B-69BB12C91071"}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D8A1DB7-80BA-498C-9781-E60C41DA3503"}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F469039A-4876-477D-8470-C4F5A5D6B70A"}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F39D6ECA-E207-490F-883C-1484D8B507DB"}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C24FF31B-C7B7-4030-A46F-C925142897D5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}