Vulnerabilities > CVE-2008-2654 - Numeric Errors vulnerability in Lavrsen Motion

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

lavrsen

CWE-189

nessus

NVD

Published: 2008-06-13

Updated: 2024-11-21

Summary

Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler.

Vulnerable Configurations

Part	Description	Count
Application	Lavrsen Lavrsen Motion 3.1.20 Lavrsen Motion 3.2.5 Lavrsen Motion 3.2.1 Lavrsen Motion 3.2.9 Lavrsen Motion 3.2.6 Lavrsen Motion 3.1.19 Lavrsen Motion 3.2.4 Lavrsen Motion 3.1.18 Lavrsen Motion * Lavrsen Motion 3.2.7 Lavrsen Motion 3.2.2 Lavrsen Motion 3.1.17 Lavrsen Motion 3.2.3 Lavrsen Motion 3.2.8	14

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200807-02.NASL
description	The remote host is affected by the vulnerability described in GLSA-200807-02 (Motion: Execution of arbitrary code) Nico Golde reported an off-by-one error within the read_client() function in the webhttpd.c file, leading to a stack-based buffer overflow. Stefan Cornelius (Secunia Research) reported a boundary error within the same function, also leading to a stack-based buffer overflow. Both vulnerabilities require that the HTTP Control interface is enabled. Impact : A remote attacker could exploit these vulnerabilities by sending an overly long or specially crafted request to a vulnerable Motion HTTP control interface, possibly resulting in the execution of arbitrary code with the privileges of the motion user. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	33422
published	2008-07-08
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33422
title	GLSA-200807-02 : Motion: Execution of arbitrary code
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200807-02. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(33422); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2008-2654"); script_xref(name:"GLSA", value:"200807-02"); script_name(english:"GLSA-200807-02 : Motion: Execution of arbitrary code"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200807-02 (Motion: Execution of arbitrary code) Nico Golde reported an off-by-one error within the read_client() function in the webhttpd.c file, leading to a stack-based buffer overflow. Stefan Cornelius (Secunia Research) reported a boundary error within the same function, also leading to a stack-based buffer overflow. Both vulnerabilities require that the HTTP Control interface is enabled. Impact : A remote attacker could exploit these vulnerabilities by sending an overly long or specially crafted request to a vulnerable Motion HTTP control interface, possibly resulting in the execution of arbitrary code with the privileges of the motion user. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200807-02" ); script_set_attribute( attribute:"solution", value: "All Motion users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-video/motion-3.2.10.1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:motion"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"media-video/motion", unaffected:make_list("ge 3.2.10.1"), vulnerable:make_list("lt 3.2.10.1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Motion"); }

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References