<<< Date Index >>>     <<< Thread Index >>>

Denial of service in Getware's built-in webserver (Webcam Live and Photohost)



#######################################################################

                             Luigi Auriemma

Application:  Getware's built-in webserver
              http://www.getware.com
Versions:     WebCam Live <= 2.01
              Photohost <= 4.0
Platforms:    Windows
Bug:          Denial of service
Risk:         medium
Exploitation: remote
Date:         19 Jan 2004
Author:       Luigi Auriemma
              e-mail: aluigi@xxxxxxxxxxxxxx
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


WebCam Live and Photohost are 2 shareware programs used to share webcam
streams and photo albums through the web.
The web functions are managed by a built-in webserver that is the same
for both the programs.


#######################################################################

======
2) Bug
======


The bug is in the management of the value of the Content-Length
parameter sent by the client to the built-in webserver.
If this value is negative (or major than 2147483647 that is the same)
the webserver will show an "Out of memory" MessageBox but will continue
to run without problems.

The problems arrive after less than 300 of these errors (so 300
connections with the value -1) when the server will crash definitely.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/wcamdos.zip


#######################################################################

======
4) Fix
======


No fix.
The vendor has not answered to my signalations.


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org