Date: Fri, 29 Dec 2006 16:20:19 +0100
From: sapheal@hack.pl
Subject: QuickCam linux device driver allows arbitrary code execution
To: bugtraq@securityfocus.com
X-Mailer: Active.mail 1.0
X-OriginatingIP: 85.112.196.42
X-Priority: 3
Content-Type: text/plain; charset=ISO-8859-2
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Virus-Scanned: antivirus-gw at tyumen.ru
Synopsis: QuickCam linux device driver arbitrary code execution
Product: QuickCam
Version: <=1.0.9
Issue/Details:
========
A critical security vulnerability has been found in QuickCam
initialization function (qcamvc_video_init) of the protytype:
static void qcamvc_video_init(struct qcamvc *qcamvc)
The memory corruption conditions might lead to arbitrary code
execution.
Affected Versions
=================
OpenSER <= 1.0.9
Solution
=========
Proper boundary checking.
Exploitation
============
Exploitation might be performed by the use of specially
crafted QuickCam object.
