PT-2009-2225 · Zoneminder · Zoneminder

Rune Andresen

Published

2009-04-27

Updated

2017-08-17

CVE-2008-6756

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ZoneMinder version 1.23.3

Description: The issue allows local users to obtain the database username and password by reading the /etc/zm.conf file due to its 0644 permissions.

Recommendations: For ZoneMinder version 1.23.3, consider changing the permissions of the /etc/zm.conf file to prevent unauthorized access, such as setting the permissions to 0600 to allow only the owner to read and write the file.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2008-6756

Affected Products

Zoneminder

PT-2009-2225 · Zoneminder · Zoneminder

CVE-2008-6756

Weakness Enumeration

Related Identifiers

Affected Products

References · 7