Advisories : Netsnap Webcam Software Remote Overflow

main menu

- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news

discussions

- read forum
- new topic
- search

meetings

- meetings list
- recent additions
- add your info

top 100 sites

- visit top sites
- sign up now
- members

webmasters

- add your url
- add domain
- search box
- link to us

projects

- our projects
- free email

m4d network

- security software
- secureroot
- m4d.com

Home : Advisories : Netsnap Webcam Software Remote Overflow

Title:	Netsnap Webcam Software Remote Overflow
Released by:	Strumpf Noir Society
Date:	16th November 2000
Printable version:	Click here

Strumpf Noir Society Advisories

! Public release !

<--#



-= Netsnap Webcam Software Remote Overflow =-



Release date: Thursday, November 16, 2000





Introduction:



Netsnap is a webcam software package for Win95/98/NT/2k which in

addition to filming and picture taking allows the user to directly

publish his/her footage to the web. To do this, Netsnap is equiped with

its own HTTP-server.



Netsnap can be found on vendor Pelesoft's Netsnap site,

http://www.netsnap.com





Problem:



There's a problem in the handling of GET requests by named server. An

unchecked buffer here can be overflowed by a string of approximately 342

bytes, effectively crashing the server and allowing the execution of

arbitrary code.





(..)





Solution:



After discussing this issue with the vendor, Pelesoft have released

version 1.2.9 of their Netsnap software, which eliminates the problem.

Users are encouraged to obtain the new version asap.





yadayadayada



SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)

compliant, all information is provided on AS IS basis.

EOF, but Strumpf Noir Society will return!