PeleSoft NetSnap Buffer Overflow Vulnerability

Bugtraq ID:	1956
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	Yes
Published:	Nov 16 2000 12:00AM
Updated:	Nov 16 2000 12:00AM
Credit:	Discovered and posted to Bugtraq by SNS Research <[email protected]> on Nov 16, 2000.
Vulnerable:	PeleSoft NetSnap 1.2 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0
Not Vulnerable:	PeleSoft NetSnap 1.2.9 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0

PeleSoft NetSnap Buffer Overflow Vulnerability

NetSnap is a webcam application which transmits images and enables a user to directly publish footage to the web. NetSnap is shipped with an http server.

Due to an unchecked buffer in the handling of GET requests, NetSnap is subject to a buffer overflow attack. Requesting a GET command comprised of 342 bytes will cause a buffer overflow and allow the execution of arbitrary code.

Successful exploitation of this vulnerability could lead to a complete compromise of the host.

PeleSoft NetSnap Buffer Overflow Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

PeleSoft NetSnap Buffer Overflow Vulnerability

Solution:
This vulnerability has been addressed in NetSnap 1.2.9.

PeleSoft NetSnap Buffer Overflow Vulnerability

References:

• NetSnap Download page (PeleSoft)
  
• PeleSoft Homepage (PeleSoft)