Vulnerability in open source monitoring software, Motion
Users of open source webcam monitoring software Motion should install the latest developer patch. It fixes a vulnerability in the configuration interface web server, which could be exploited by an attacker to gain control of or crash a system.
The cause of the problem is an off-by-one buffer overflow in the read_client() function in the webhttpd.c file, which can be provoked by client requests longer than 1023 bytes. By default, the configuration interface is not remotely accessible. Versions 3.2.10 and earlier are affected. Patches are available for versions 3.2.9 and 3.2.10.
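The off-by-one pattern described above, as an added illustration that is not Motion's own code: the 1024-byte buffer size is an assumption inferred from the 1023-byte limit, and `struct conn`, `fake_read`, `read_flawed` and `read_checked` are hypothetical names. A guard byte stands in for the memory next to the buffer, so the stray write can be observed without corrupting anything.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 1024   /* assumed size, inferred from the 1023-byte limit */
#define GUARD    0xAA   /* canary standing in for whatever follows the buffer */

/* Logical buffer is buf[0..BUF_SIZE-1]; buf[BUF_SIZE] is the neighbouring byte. */
struct conn { unsigned char buf[BUF_SIZE + 1]; };

/* Stand-in for read()/recv(): copies at most max bytes, returns the count. */
static size_t fake_read(unsigned char *dst, size_t max,
                        const unsigned char *req, size_t len) {
    size_t n = len < max ? len : max;
    memcpy(dst, req, n);
    return n;
}

/* Flawed: reads up to the full buffer size, then terminates at buf[n].
   When n == BUF_SIZE the NUL lands one byte past the logical buffer. */
size_t read_flawed(struct conn *c, const unsigned char *req, size_t len) {
    size_t n = fake_read(c->buf, BUF_SIZE, req, len);
    c->buf[BUF_SIZE] = GUARD;
    c->buf[n] = '\0';
    return n;
}

/* Hardened: reads at most BUF_SIZE - 1 bytes so the terminator always fits,
   and returns -1 for an oversized request so the caller can reject it. */
long read_checked(struct conn *c, const unsigned char *req, size_t len) {
    size_t n = fake_read(c->buf, BUF_SIZE - 1, req, len);
    c->buf[BUF_SIZE] = GUARD;
    c->buf[n] = '\0';
    return len > BUF_SIZE - 1 ? -1 : (long)n;
}

int guard_intact(const struct conn *c) { return c->buf[BUF_SIZE] == GUARD; }

int main(void) {
    static unsigned char req[BUF_SIZE];   /* constructed request of 'A' bytes */
    struct conn c;
    memset(req, 'A', sizeof req);
    read_flawed(&c, req, 1023);  printf("flawed 1023: guard ok=%d\n", guard_intact(&c));
    read_flawed(&c, req, 1024);  printf("flawed 1024: guard ok=%d\n", guard_intact(&c));
    printf("checked 1024: rc=%ld guard ok=%d\n", read_checked(&c, req, 1024), guard_intact(&c));
    return 0;
}
```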
See also:
- motion off-by-one in webhttpd.c, security advisory in the Debian Bug database
(trk)