QwikSec

Security Database

CVE

CWE

Training

CVE-2008-2654

Published: Jun 13, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

[oss-security] 20080611 Re: exploitability of off-by-one in motion webserver

mailing-list

x_refsource_MLIST

[oss-security] 20080610 Re: exploitability of off-by-one in motion webserver

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x9/webhttpd-security-video2-backport.diff

x_refsource_CONFIRM

http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x10/webhttpd-security.diff

x_refsource_CONFIRM

[oss-security] 20080610 exploitability of off-by-one in motion webserver

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20080611 Re: exploitability of off-by-one in motion webserver

mailing-list

x_refsource_MLIST

motion-readclient-bo(42979)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.