Follow @discotekdotca
CVE-2008-2654
Current Description
Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler.
Basic Data
| Published | June 13, 2008 |
|---|---|
| Last Modified | August 08, 2017 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | CWE-189 |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | LOW |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | COMPLETE |
| CVSS 2 - Availability Impact | COMPLETE |
| CVSS 2 - Base Score | 10.0 |
| Severity | HIGH |
| Exploitability Score | 10.0 |
| Impact Score | 10.0 |
| Obtain All Privilege | false |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Lavrsen Motion 3.1.17 * * * * * * * � � � � 2.3 Application Lavrsen Motion 3.1.18 * * * * * * * � � � � 2.3 Application Lavrsen Motion 3.1.19 * * * * * * * � � � � 2.3 Application Lavrsen Motion 3.1.20 * * * * * * * � � � � 2.3 Application Lavrsen Motion 3.2.1 * * * * * * * � � � � 2.3 Application Lavrsen Motion 3.2.2 * * * * * * * � � � � 2.3 Application Lavrsen Motion 3.2.3 * * * * * * * � � � � 2.3 Application Lavrsen Motion 3.2.4 * * * * * * * � � � � 2.3 Application Lavrsen Motion 3.2.5 * * * * * * * � � � � 2.3 Application Lavrsen Motion 3.2.6 * * * * * * * � � � � 2.3 Application Lavrsen Motion 3.2.7 * * * * * * * � � � � 2.3 Application Lavrsen Motion 3.2.8 * * * * * * * � � � � 2.3 Application Lavrsen Motion 3.2.9 * * * * * * * � � � � 2.3 Application Lavrsen Motion * * * * * * * * � 3.2.10 � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Lavrsen | Motion | *, 3.1.17, 3.1.18, 3.1.19, 3.1.20, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9 |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572 | CONFIRM | Exploit |
| [oss-security] 20080610 exploitability of off-by-one in motion webserver | http://marc.info/?l=oss-security&m=121311577731820&w=2 | MLIST | |
| [oss-security] 20080610 Re: exploitability of off-by-one in motion webserver | http://marc.info/?l=oss-security&m=121314089321816&w=2 | MLIST | |
| [oss-security] 20080611 Re: exploitability of off-by-one in motion webserver | http://marc.info/?l=oss-security&m=121314329424538&w=2 | MLIST | Exploit |
| [oss-security] 20080611 Re: exploitability of off-by-one in motion webserver | http://marc.info/?l=oss-security&m=121314471626034&w=2 | MLIST | |
| 30544 | http://secunia.com/advisories/30544 | SECUNIA | Vendor Advisory |
| 30864 | http://secunia.com/advisories/30864 | SECUNIA | |
| GLSA-200807-02 | http://security.gentoo.org/glsa/glsa-200807-02.xml | GENTOO | |
| http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x10/webhttpd-security.diff | http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x10/webhttpd-security.diff | CONFIRM | Exploit |
| http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x9/webhttpd-security-video2-backport.diff | http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x9/webhttpd-security-video2-backport.diff | CONFIRM | Exploit |
| 29636 | http://www.securityfocus.com/bid/29636 | BID | PATCH |
| ADV-2008-1796 | http://www.vupen.com/english/advisories/2008/1796 | VUPEN | |
| motion-readclient-bo(42979) | https://exchange.xforce.ibmcloud.com/vulnerabilities/42979 | XF |