ZoneMinder Multiple Vulnerabilities
by Filip Palian <filip (dot) palian (at) pjwstk (dot) edu (dot) pl>
Software affected: ZoneMinder <= 1.23.3
Severity: Critical
Description (from the vendor site):
ZoneMinder is an integrated set of applications which provide a complete surveillance solution
allowing capture, analysis, recording and monitoring of any CCTV or security cameras attached to a
Linux based machine.
Overview:
ZoneMinder is prone to Command Injection, SQL Injection and XSS. All attacks are possible because of
a lack of user input sanitization.
I. Command Injection
In "zm_html_view_events.php", the function executeFilter() doesn't validate user input.
In "zm_html_view_state.php", the parameter "run_state" is not validated.
II. SQL Injection
In "zm_html_view_event.php", the array "filter" is not validated.
III. XSS
In "zm_html_view_*.php", multiple XSS issues exist.
Status:
At the moment no fixes have been provided by the vendor. As a workaround, restricting access to
authenticated users only and granting the lowest privileges is suggested.
Disclosure timeline:
18 VI 2008 Vulnerability sent to the vendor.
18 VI 2008 Initial vendor response.
26 VIII 2008 Security bulletin released.
Link:
http://www.zoneminder.com/
Best regards,
Filip Palian.
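Since no fix is available, one interim detection is to review web server access logs for requests that carry the parameters named above. The following is an added example, not part of the original advisory and not ZoneMinder code: the log lines, URL paths, the `filter[0]` key layout and the allow-list pattern for state names are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate state name is a short word; anything else is flagged.
SAFE_STATE = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Heuristic: characters/sequences typical of shell or SQL metasyntax.
# Tune for your deployment; legitimate filter terms may need exceptions.
SUSPECT = re.compile(r"[;|&`$<>'\"\\\n]|--|/\*")
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_line(line):
    """Return (parameter, decoded value, reason) findings for one log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    findings = []
    query = urlsplit(m.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == "run_state" and not SAFE_STATE.fullmatch(value):
            findings.append((name, value, "run_state outside allow-list pattern"))
        elif (name == "filter" or name.startswith("filter[")) and SUSPECT.search(value):
            findings.append((name, value, "metacharacter in filter value"))
    return findings

def scan(lines):
    """Return (line number, finding) pairs for every flagged request."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in check_line(line)]

# Constructed sample input (not real traffic, paths are placeholders).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Aug/2008:10:00:00 +0000] "GET /zm/index.php?run_state=restart HTTP/1.1" 200 512',
    '192.0.2.11 - - [26/Aug/2008:10:00:05 +0000] "GET /zm/index.php?run_state=a%3Bb HTTP/1.1" 200 512',
    '192.0.2.12 - - [26/Aug/2008:10:00:09 +0000] "GET /zm/index.php?filter[0]=1%27x HTTP/1.1" 200 512',
    '192.0.2.13 - - [26/Aug/2008:10:00:12 +0000] "GET /zm/index.php?filter[0]=2008-08-26 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for lineno, (name, value, reason) in scan(SAMPLE_LOG):
        print(f"line {lineno}: {name}={value!r}: {reason}")
```

Access logs normally record only the query string, so parameters sent in a POST body need request-body logging or a filtering proxy to be covered by the same check.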