安全研究
安全漏洞
Axis嵌入设备验证远程缓冲区溢出漏洞
发布日期:2002-12-20
更新日期:2002-12-27
受影响系统:
Axis Communications Network Camera 2420描述:
Axis Communications Network Camera 2120
Axis Communications Network Camera 2110
Axis Communications Network Camera 2100
Axis Communications MPEG-2 Video Server 250S
Axis Communications PTZ Network Camera 2130
Axis Communications Serial Server 2490
Axis Communications Video Server 2401
Axis Communications Video Server 2400
BUGTRAQ ID: 6452
Axis生产的Network Cameras、Video Servers和Network Digital Video Recorder都包含嵌入式的WEB程序。
Web服务程序的验证代码中存在基于堆栈的缓冲区溢出,远程攻击者可以利用这个漏洞对设备进行拒绝服务攻击,可能以Web进程权限在系统上执行任意指令。
目前没有提供详细漏洞细节。
<*来源:Axis Product Security (product-security@axis.com)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104041566604382&w=2
*>
建议:
厂商补丁:
Axis Communications
-------------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
升级最新固件:
Axis Communications MPEG-2 Video Server 250S:
Axis Communications Upgrade Axis 250S MPEG-2 Video Server (3.02 RC1)
ftp://ftp.axis.com/pub_soft/cam_srv/cam_250s/release_candidate/3_02/
Axis Communications Serial Server 2490:
Axis Communications Upgrade Axis 2490 Serial Server (2.11.1)
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2490/sr/
Axis Communications Network DVR 2460:
Axis Communications Upgrade Axis 2460 Network Digital Video Recorder (3.01)
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2460/sr/
Axis Communications Network Camera 2420:
Axis Communications Upgrade Axis 2420 Network Camera (2.33.1)
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2420/sr/
Axis Communications Video Server 2401:
Axis Communications Upgrade Axis 2401 Video Server (2.33.1)
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2401/sr/
Axis Communications Video Server 2400:
Axis Communications Upgrade Axis 2400 Video Server (2.33.1)
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/
Axis Communications PTZ Network Camera 2130:
Axis Communications Upgrade Axis 2130 PTZ Network Camera (2.32.1)
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2130/sr/
Axis Communications Network Camera 2120:
Axis Communications Upgrade Axis 2120 Network Camera (2.33.1)
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2120/sr/
Axis Communications Network Camera 2110:
Axis Communications Upgrade Axis 2110 Network Camera (2.33.1)
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2110/sr/
Axis Communications Network Camera 2100:
Axis Communications Upgrade Axis 2100 Network Camera (2.33.1)
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2100/sr/
浏览次数:2885
严重程度:0(网友投票)
绿盟科技给您安全的保障