CVE-2008-2654

Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572	Exploit
http://marc.info/?l=oss-security&m=121311577731820&w=2
http://marc.info/?l=oss-security&m=121314089321816&w=2
http://marc.info/?l=oss-security&m=121314329424538&w=2	Exploit
http://marc.info/?l=oss-security&m=121314471626034&w=2
http://secunia.com/advisories/30544	Vendor Advisory
http://secunia.com/advisories/30864
http://security.gentoo.org/glsa/glsa-200807-02.xml
http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x10/webhttpd-security.diff	Exploit
http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x9/webhttpd-security-video2-backport.diff	Exploit
http://www.securityfocus.com/bid/29636	Patch
http://www.vupen.com/english/advisories/2008/1796
https://exchange.xforce.ibmcloud.com/vulnerabilities/42979
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572	Exploit
http://marc.info/?l=oss-security&m=121311577731820&w=2
http://marc.info/?l=oss-security&m=121314089321816&w=2
http://marc.info/?l=oss-security&m=121314329424538&w=2	Exploit
http://marc.info/?l=oss-security&m=121314471626034&w=2
http://secunia.com/advisories/30544	Vendor Advisory
http://secunia.com/advisories/30864
http://security.gentoo.org/glsa/glsa-200807-02.xml
http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x10/webhttpd-security.diff	Exploit
http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x9/webhttpd-security-video2-backport.diff	Exploit
http://www.securityfocus.com/bid/29636	Patch
http://www.vupen.com/english/advisories/2008/1796
https://exchange.xforce.ibmcloud.com/vulnerabilities/42979

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:lavrsen:motion::::::::
	cpe:2.3:a:lavrsen:motion:3.1.17:::::::*
	cpe:2.3:a:lavrsen:motion:3.1.18:::::::*
	cpe:2.3:a:lavrsen:motion:3.1.19:::::::*
	cpe:2.3:a:lavrsen:motion:3.1.20:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.1:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.2:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.3:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.4:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.5:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.6:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.7:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.8:::::::*
	cpe:2.3:a:lavrsen:motion:3.2.9:::::::*

History

21 Nov 2024, 00:47

Type	Values Removed	Values Added
References	~~() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572 - Exploit~~	() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572 - Exploit
References	~~() http://marc.info/?l=oss-security&m=121311577731820&w=2 -~~	() http://marc.info/?l=oss-security&m=121311577731820&w=2 -
References	~~() http://marc.info/?l=oss-security&m=121314089321816&w=2 -~~	() http://marc.info/?l=oss-security&m=121314089321816&w=2 -
References	~~() http://marc.info/?l=oss-security&m=121314329424538&w=2 - Exploit~~	() http://marc.info/?l=oss-security&m=121314329424538&w=2 - Exploit
References	~~() http://marc.info/?l=oss-security&m=121314471626034&w=2 -~~	() http://marc.info/?l=oss-security&m=121314471626034&w=2 -
References	~~() http://secunia.com/advisories/30544 - Vendor Advisory~~	() http://secunia.com/advisories/30544 - Vendor Advisory
References	~~() http://secunia.com/advisories/30864 -~~	() http://secunia.com/advisories/30864 -
References	~~() http://security.gentoo.org/glsa/glsa-200807-02.xml -~~	() http://security.gentoo.org/glsa/glsa-200807-02.xml -
References	~~() http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x10/webhttpd-security.diff - Exploit~~	() http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x10/webhttpd-security.diff - Exploit
References	~~() http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x9/webhttpd-security-video2-backport.diff - Exploit~~	() http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x9/webhttpd-security-video2-backport.diff - Exploit
References	~~() http://www.securityfocus.com/bid/29636 - Patch~~	() http://www.securityfocus.com/bid/29636 - Patch
References	~~() http://www.vupen.com/english/advisories/2008/1796 -~~	() http://www.vupen.com/english/advisories/2008/1796 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/42979 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/42979 -

Information

Published : 2008-06-13 18:41

Updated : 2025-04-09 00:30

NVD link : CVE-2008-2654

Mitre link : CVE-2008-2654

CVE.ORG link : CVE-2008-2654

JSON object : View

Products Affected

lavrsen

motion

CWE

CWE-189

Numeric Errors

10.0 /10