{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-10T00:00:00", "descriptions": [{"lang": "en", "value": "Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-1796", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1796"}, {"name": "[oss-security] 20080611 Re: exploitability of off-by-one in motion webserver", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=121314471626034&w=2"}, {"name": "[oss-security] 20080610 Re: exploitability of off-by-one in motion webserver", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=121314089321816&w=2"}, {"name": "29636", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29636"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x9/webhttpd-security-video2-backport.diff"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x10/webhttpd-security.diff"}, {"name": "[oss-security] 20080610 exploitability of off-by-one in motion webserver", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=121311577731820&w=2"}, {"name": "30544", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30544"}, {"name": "[oss-security] 20080611 Re: exploitability of off-by-one in motion webserver", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=121314329424538&w=2"}, {"name": "motion-readclient-bo(42979)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42979"}, {"name": "30864", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30864"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572"}, {"name": "GLSA-200807-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200807-02.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2654", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-1796", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1796"}, {"name": "[oss-security] 20080611 Re: exploitability of off-by-one in motion webserver", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=121314471626034&w=2"}, {"name": "[oss-security] 20080610 Re: exploitability of off-by-one in motion webserver", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=121314089321816&w=2"}, {"name": "29636", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29636"}, {"name": "http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x9/webhttpd-security-video2-backport.diff", "refsource": "CONFIRM", "url": "http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x9/webhttpd-security-video2-backport.diff"}, {"name": "http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x10/webhttpd-security.diff", "refsource": "CONFIRM", "url": "http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x10/webhttpd-security.diff"}, {"name": "[oss-security] 20080610 exploitability of off-by-one in motion webserver", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=121311577731820&w=2"}, {"name": "30544", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30544"}, {"name": "[oss-security] 20080611 Re: exploitability of off-by-one in motion webserver", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=121314329424538&w=2"}, {"name": "motion-readclient-bo(42979)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42979"}, {"name": "30864", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30864"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572"}, {"name": "GLSA-200807-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200807-02.xml"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2654", "datePublished": "2008-06-13T18:00:00", "dateReserved": "2008-06-10T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lavrsen:motion:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EBD0F21-2FB6-4388-AE60-6F08B7F66BB7", "versionEndIncluding": "3.2.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "4D147C1E-A7CC-4C2D-A737-F8B3B385A70D", "vulnerable": true}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "BB41C1E0-6D13-4866-A8DC-9FC96FE963D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "B63526C3-4163-47B5-890C-414E9C0BB30E", "vulnerable": true}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "D536002E-9A4F-4586-9FA9-6F30BE90885E", "vulnerable": true}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E277E868-851C-4462-AB0F-E2153F0C7F09", "vulnerable": true}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1910DE64-CDD2-46F8-A8AE-0FD64F7D58E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "39EBADC9-B374-4FAD-BB32-987D03849911", "vulnerable": true}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "72E7C90C-A1A7-4466-AB7F-58B0A412D9C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "28575000-61BD-4477-B16B-69BB12C91071", "vulnerable": true}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "0D8A1DB7-80BA-498C-9781-E60C41DA3503", "vulnerable": true}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "F469039A-4876-477D-8470-C4F5A5D6B70A", "vulnerable": true}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "F39D6ECA-E207-490F-883C-1484D8B507DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:lavrsen:motion:3.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "C24FF31B-C7B7-4030-A46F-C925142897D5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler."}, {"lang": "es", "value": "Error de superaci\u00f3n del l\u00edmite (off-by-one) en la funci\u00f3n read_client en webhttpd.c en Motion 3.2.10 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n larga al interfaz Motion HTTP Control, que dispara un desbordamiento de b\u00fafer basado en pila en algunas combinaciones de arquitectura de procesador y compilador."}], "id": "CVE-2008-2654", "lastModified": "2017-08-08T01:31:12.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-06-13T18:41:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=121311577731820&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=121314089321816&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://marc.info/?l=oss-security&m=121314329424538&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=121314471626034&w=2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30544"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30864"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200807-02.xml"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x10/webhttpd-security.diff"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.lavrsen.dk/twiki/pub/Motion/ReleaseNoteMotion3x2x9/webhttpd-security-video2-backport.diff"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/29636"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1796"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42979"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}