Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6755

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-6755
Last Modified 13 May 2009 01:25:41
Published 27 Apr 2009 06:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6755

Summary

ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.

Vulnerable Systems

Application

  • Zoneminder 1.23.3


References

FEDORA - FEDORA-2008-11484

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=476529

XF - zoneminder-etczmconf-security-bypass(50324)


Last Updated: 27 May 2016 10:49:20