28th Feb 2003 [SBWID-6032]
COMMAND
Axis Webcam remote DoS via web server
SYSTEMS AFFECTED
Axis Webserver for 2400, 2100
PROBLEM
Thanks to Martin Eiszner [[email protected]] of WebSec.org
[http://www.websec.org] for the advisory:
1) INFORMATION DISCLOSURE
http-requests to:
---*---
http://server/support/messages
---*---
responds with /var/log/messages. It is not password protected and might
disclose sensitive information.
2) DOS / OVERWRITING SYSTEM-FILES
requesting:
---*---
http://server/axis-cgi/buffer/command.cgi?
buffername=X&
prealarm=1&
postalarm=1&
do=start&
uri=/jpg/quad.jpg&
format=[bad input]
---*---
allows an attacker to overwrite important files on the system (all
FIFOs, for example), leading to an effective DoS attack.
3) ARBITRARY FILE CREATION
a request like:
---*---
/axis-cgi/buffer/command.cgi?whatever params
buffername=[relative path to directory]
format=[relative path to arbitrary file name]
---*---
will create [relative path to arbitrary file name] or [relative path to
a directory].
If somebody is able to change the content of error messages, he might be
able to create and execute arbitrary script files (PHP, for example).
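As an added example (not part of the WebSec.org advisory and not Axis code), the following Python script checks web server access-log lines in Common Log Format against the three findings above: any fetch of /support/messages (finding 1), and any call to /axis-cgi/buffer/command.cgi whose buffername= or format= value looks like a path (findings 2 and 3). The log lines, host addresses and parameter values are constructed for illustration; the "path-like" heuristic (a slash, backslash, ".." or NUL in the value) is an assumption about what a legitimate buffer name or format string never needs.

```python
"""Classify access-log requests against the Axis 2100/2400 web server
findings in this advisory.  Added example; log lines are constructed."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Common Log Format: host ident user [date] "METHOD target PROTO" status size
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: a legitimate buffer name or format string never needs a path
# separator, a traversal sequence or a NUL byte; anything with one is treated
# as an attempt to point the CGI at a file or directory (findings 2 and 3).
PATH_LIKE = re.compile(r'(\.\.|/|\\|\x00)')

# Parameters the advisory names as the ones that reach the file system.
WATCHED_PARAMS = ('buffername', 'format')


def classify_request(target):
    """Return finding labels for one request target (path plus query string).

    'log-disclosure'      -> /support/messages (finding 1)
    'path-in-buffername'  -> command.cgi buffername= looks like a path
    'path-in-format'      -> command.cgi format= looks like a path
    """
    parts = urlsplit(target)
    path = unquote(parts.path)
    findings = []
    if path.rstrip('/') == '/support/messages':
        findings.append('log-disclosure')
    if path == '/axis-cgi/buffer/command.cgi':
        # parse_qs decodes once; decode again to catch double-encoded values
        params = parse_qs(parts.query, keep_blank_values=True)
        for name in WATCHED_PARAMS:
            for value in params.get(name, []):
                if PATH_LIKE.search(value) or PATH_LIKE.search(unquote(value)):
                    findings.append(f'path-in-{name}')
                    break
    return findings


def scan_log(lines):
    """Return one dict per log line that matches at least one finding.

    The HTTP status is kept because a 200 on /support/messages means the
    log file was actually served, while a 401/404 means it was refused.
    """
    hits = []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue  # not CLF; skip rather than guess
        findings = classify_request(m.group('target'))
        if findings:
            hits.append({'host': m.group('host'),
                         'status': int(m.group('status')),
                         'target': m.group('target'),
                         'findings': findings})
    return hits


# Constructed sample log: one benign image fetch, one log read, one benign
# buffer start, one buffer start with path-like buffername= and format=.
SAMPLE_LOG = [
    '10.0.0.5 - - [28/Feb/2003:10:00:01 +0100] "GET /jpg/quad.jpg HTTP/1.0" 200 18231',
    '10.0.0.9 - - [28/Feb/2003:10:00:07 +0100] "GET /support/messages HTTP/1.0" 200 4096',
    '10.0.0.5 - - [28/Feb/2003:10:00:12 +0100] "GET /axis-cgi/buffer/command.cgi'
    '?buffername=cam1&prealarm=1&postalarm=1&do=start&uri=/jpg/quad.jpg&format=jpeg HTTP/1.0" 200 12',
    '10.0.0.9 - - [28/Feb/2003:10:00:20 +0100] "GET /axis-cgi/buffer/command.cgi'
    '?buffername=..%2F..%2Fsomedir&do=start&format=..%2F..%2Fsomefile HTTP/1.0" 200 12',
]

if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print(hit['host'], hit['status'], ','.join(hit['findings']), hit['target'])
```

Run against a real log with `scan_log(open('access.log'))`; the two constructed hits above both come from the same source host, which is the kind of pattern worth correlating before deciding whether the device has already been tampered with.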
SOLUTION
None yet