COMMAND

    CamShot

SYSTEMS AFFECTED

    CamShot server 2.6 trial version

PROBLEM

    Aviram Jenik found following.  CamShot is a web server that serves
    up web pages containing time stamped images captured from a  video
    camera.   This product  contains a  remotely exploitable  security
    vulnerability  that  allows  a  remote  attacker  to gain elevated
    privileges on the remote system.  Example:

        GET / HTTP/1.1<enter>
        Authorization: Basic ['a'x325]<enter><enter>

    Since  the  server  crashes  in  a  way  that enables attackers to
    execute arbitrary code, this vulnerability is quite dangerous.

SOLUTION

    Vendor has been contacted Saturday, August 26, 2000.  No  response
    has been received.