TUCoPS :: Security App Flaws :: va1069.htm

ZoneMinder Multiple Vulnerabilities
ZoneMinder Multiple Vulnerabilities
ZoneMinder Multiple Vulnerabilities


ZoneMinder Multiple Vulnerabilities=0D
=0D
by Filip Palian =0D
=0D
Software affected: ZoneMinder <= 1.23.3=0D
=0D
Severity: Critical=0D
=0D
=0D
Description (from the vendor site):=0D
ZoneMinder is an integrated set of applications which provide a complete surveillance solution allowing capture, analysis, recording and monitoring of any CCTV or security cameras attached to a Linux based machine.=0D
=0D
=0D
Overview:=0D
ZoneMinder is prone to Command Injection, SQL Injcetion and XSS. All attacks are possible because of lack of user input sanitizing.=0D
=0D
I. Command Injection=0D
In the "zm_html_view_events.php" function executeFilter() doesn't validate user input.=0D
In the "zm_html_view_state.php" parameter "run_state" is not validated.=0D
=0D
II. SQL Injcetion=0D
In the "zm_html_view_event.php" array "filter" is not validated.=0D
=0D
III .XSS=0D
In the "zm_html_view_*.php" multiple XSS exists.=0D
=0D
=0D
Status:=0D
At the moment no fixes were provided by the vendor. As a workaround restricted access to authenticated users only and granting the lowest privileges is suggested.=0D
=0D
=0D
Disclousre timeline:=0D
18 VI   2008 Vulerability sent to the vendor.=0D
18 VI   2008 Initial vendor response.=0D
26 VIII 2008 Security bulletin released.=0D
=0D
=0D
Link:=0D
http://www.zoneminder.com/=0D 
=0D
=0D
Best regards,=0D
Filip Palian.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH