PT-2009-2224 · Zoneminder · Zoneminder

Tomas Hoger · Published 2009-04-27 · Updated 2017-08-17 · CVE-2008-6755

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: ZoneMinder version 1.23.3
Description: The issue makes it easier for remote attackers to modify the /etc/zm.conf file by accessing it through a PHP or CGI script, due to the file's ownership being set to the apache user account and permissions set to 0600.
Recommendations: For ZoneMinder version 1.23.3, consider changing the ownership and permissions of the /etc/zm.conf file to prevent unauthorized access, and restrict access to PHP and CGI scripts that could be used to modify this file.
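
One way to check for the condition described above, as an added example that is not code from ZoneMinder or from this entry: it reports why a given service account could alter a file, following the standard Unix owner/group/other evaluation order. The function names, the numeric id 48 standing in for the web server account, and the sample ownership/mode combinations are constructed for illustration; the account is assumed to be non-root.

```python
import os
import stat
import pwd
import grp

def account_ids(user):
    """Resolve a local account name to its uid and the set of gids it belongs to."""
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    return pw.pw_uid, gids

def modifiable_by(st_uid, st_gid, mode, uid, gids):
    """Reasons a non-root account (uid, gids) can alter a file with this owner/group/mode."""
    reasons = []
    if st_uid == uid:
        # The owner can always chmod the file, so ownership alone is a finding.
        reasons.append("owned by account")
        if mode & stat.S_IWUSR:
            reasons.append("owner write bit set")
    elif st_gid in gids:
        # Only the group bits apply to a non-owner group member.
        if mode & stat.S_IWGRP:
            reasons.append("group write bit set")
    elif mode & stat.S_IWOTH:
        reasons.append("world write bit set")
    return reasons

def audit(path, user):
    """Check a real file against a real local account (raises KeyError if absent)."""
    st = os.stat(path)
    uid, gids = account_ids(user)
    return modifiable_by(st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode), uid, gids)

if __name__ == "__main__":
    # Constructed cases: uid/gid 48 stands in for the web server account.
    web_uid, web_gids = 48, {48}
    cases = [
        ("as described in this entry", 48, 48, 0o600),
        ("owner read-only, still owned", 48, 48, 0o400),
        ("root-owned, group read-only", 0, 48, 0o640),
        ("root-owned, group-writable", 0, 48, 0o660),
    ]
    for label, o, g, m in cases:
        print(f"{label:32} {oct(m)} -> {modifiable_by(o, g, m, web_uid, web_gids) or 'ok'}")
```

On a live host, `audit("/etc/zm.conf", "apache")` applies the same check to the real file. It does not inspect the parent directory, whose write permission would also allow the file to be replaced.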

Fix

Weakness Enumeration

Related Identifiers

CVE-2008-6755

Affected Products

Zoneminder