Date: 20 December 2002

1. Topic

Web server vulnerability in Axis Network Cameras, Video Servers and Network Digital Video Recorders.

2. Description

A potential stack buffer overflow has been found in the authentication code of the modified version of Boa used in some of the embedded Linux based Axis products. It may result in denial-of-service (DoS) attacks or in a potential system compromise.

Note: this vulnerability is not present in the official Boa distribution available from <URL:http://www.boa.org/>.

3. Affected products

Axis 2100/2110/2120/2420 Network Camera - Firmware Release 2.33 and below
Axis 2130 PTZ Network Camera - Firmware Release 2.32
Axis 2400/2401 Video Server - Firmware Release 2.33 and below
Axis 2460 Network DVR - Firmware Release 3.00
Axis 2490 Serial Server - Firmware Release 2.10
Axis 250S MPEG-2 Video Server - Firmware Release 3.01

4. Solution

The part of the authentication code where the buffer overflow may arise has been corrected and is included in new firmware releases for all affected products.

5. Releases

Axis 2100 Network Camera (2.33.1) - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2100/sr/
Axis 2110 Network Camera (2.33.1) - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2110/sr/
Axis 2120 Network Camera (2.33.1) - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2120/sr/
Axis 2420 Network Camera (2.33.1) - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2420/sr/
Axis 2130 PTZ Network Camera (2.32.1) - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2130/sr/
Axis 2400 Video Server (2.33.1) - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/
Axis 2401 Video Server (2.33.1) - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2401/sr/
Axis 250S MPEG-2 Video Server (3.02 RC1) - ftp://ftp.axis.com/pub_soft/cam_srv/cam_250s/release_candidate/3_02/
Axis 2460 Network Digital Video Recorder (3.01) - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2460/sr/
Axis 2490 Serial Server (2.11.1) - ftp://ftp.axis.com/pub_soft/cam_srv/cam_2490/sr/
Axis Developer Board LX, Axis Device Server Platform and Axis Developer Board for Bluetooth - http://developer.axis.com/download/apps/apps-boa-R1_1_19-2_33_2.tgz

6. Acknowledgement

Thanks to D.C. van Moolenbroek (dcvmoole@cs.vu.nl) and M.C. Schrijver (m.c.schrijver@student.utwente.nl) for disclosing this vulnerability to Axis Communications AB.
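As an added illustration of the bug class named in the Description section (this is not Axis's or Boa's code and does not reproduce the actual defect), the following C shows a bounded parser for an HTTP "Authorization: Basic" value. The decoder checks the remaining space before every write and the caller's user/password buffers are checked before the copy, so over-long credentials are rejected with an error code instead of running past a fixed-size stack buffer. The buffer sizes, function names and sample credentials are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical size of the fixed stack buffer for the decoded "user:pass". */
#define AUTH_MAX 64

/*
 * Decode base64 text into out (at most out_len bytes).
 * Returns bytes written, -1 on an invalid character, or -2 when the decoded
 * data would not fit: the decoder refuses instead of writing past the buffer.
 */
static int b64_decode(const char *in, size_t in_len,
                      unsigned char *out, size_t out_len)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned int acc = 0;
    int bits = 0;
    size_t n = 0;

    for (size_t i = 0; i < in_len; i++) {
        char c = in[i];
        const char *p;
        if (c == '=')
            break;                       /* padding: end of data */
        if (c == '\0' || (p = strchr(tbl, c)) == NULL)
            return -1;                   /* not a base64 character */
        acc = (acc << 6) | (unsigned int)(p - tbl);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= out_len)
                return -2;               /* bounds check before every write */
            out[n++] = (unsigned char)((acc >> bits) & 0xffu);
        }
    }
    return (int)n;
}

/*
 * Parse "Basic <base64>" into user and pass.
 * Returns 0 on success, -1 on malformed input, -2 when the credentials would
 * not fit the supplied buffers (an unchecked copy here is the stack-overflow
 * pattern the advisory describes).
 */
int parse_basic_auth(const char *value, char *user, size_t user_len,
                     char *pass, size_t pass_len)
{
    static const char prefix[] = "Basic ";
    unsigned char decoded[AUTH_MAX];     /* fixed-size stack buffer */
    const char *b64, *colon;
    size_t ulen, plen;
    int n;

    if (strncmp(value, prefix, sizeof prefix - 1) != 0)
        return -1;
    b64 = value + sizeof prefix - 1;
    while (*b64 == ' ')
        b64++;

    n = b64_decode(b64, strlen(b64), decoded, sizeof decoded - 1);
    if (n < 0)
        return n;                        /* propagate -1 / -2 */
    decoded[n] = '\0';

    colon = memchr(decoded, ':', (size_t)n);
    if (colon == NULL)
        return -1;                       /* Basic auth requires "user:pass" */
    ulen = (size_t)(colon - (const char *)decoded);
    plen = (size_t)n - ulen - 1;
    if (ulen >= user_len || plen >= pass_len)
        return -2;                       /* would overflow the caller's buffers */
    memcpy(user, decoded, ulen);
    user[ulen] = '\0';
    memcpy(pass, colon + 1, plen);
    pass[plen] = '\0';
    return 0;
}

/* Constructed sample "admin:secret"; returns 1 if parsed as expected. */
int demo_valid(void)
{
    char user[32], pass[32];
    if (parse_basic_auth("Basic YWRtaW46c2VjcmV0", user, sizeof user,
                         pass, sizeof pass) != 0)
        return 0;
    return strcmp(user, "admin") == 0 && strcmp(pass, "secret") == 0;
}

/* Constructed sample: a value far longer than AUTH_MAX; expect -2, not a crash. */
int demo_oversized(void)
{
    char header[256], user[32], pass[32];
    memset(header, 'A', sizeof header);
    memcpy(header, "Basic ", 6);
    header[sizeof header - 1] = '\0';   /* 249 base64 chars, ~186 decoded bytes */
    return parse_basic_auth(header, user, sizeof user, pass, sizeof pass);
}

/* Constructed sample: decodes fine, but the caller's user buffer is too small. */
int demo_small_user_buffer(void)
{
    char user[4], pass[32];
    return parse_basic_auth("Basic YWRtaW46c2VjcmV0", user, sizeof user,
                            pass, sizeof pass);
}

/* Constructed sample: not base64 at all. */
int demo_invalid(void)
{
    char user[32], pass[32];
    return parse_basic_auth("Basic !!!!", user, sizeof user, pass, sizeof pass);
}

int main(void)
{
    printf("valid=%d oversized=%d small=%d invalid=%d\n", demo_valid(),
           demo_oversized(), demo_small_user_buffer(), demo_invalid());
    return 0;
}
```

The two checks that matter are the `n >= out_len` test inside the decoder and the `ulen >= user_len || plen >= pass_len` test before the final copies; with either one missing, a request carrying an over-long credential would write beyond a stack buffer, which is how an authentication routine turns into a crash (DoS) or worse.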