ZoneMinder Multiple Vulnerabilities

2008-08-26T00:00:00

Description

ZoneMinder Multiple Vulnerabilities by Filip Palian <filip (dot) palian (at) pjwstk (dot) edu (dot) pl> Software affected: ZoneMinder <= 1.23.3 Severity: Critical Description (from the vendor site): ZoneMinder is an integrated set of applications which provide a complete surveillance solution allowing capture, analysis, recording and monitoring of any CCTV or security cameras attached to a Linux based machine. Overview: ZoneMinder is prone to Command Injection, SQL Injcetion and XSS. All attacks are possible because of lack of user input sanitizing. I. Command Injection In the "zm_html_view_events.php" function executeFilter() doesn't validate user input. In the "zm_html_view_state.php" parameter "run_state" is not validated. II. SQL Injcetion In the "zm_html_view_event.php" array "filter" is not validated. III .XSS In the "zm_html_view_*.php" multiple XSS exists. Status: At the moment no fixes were provided by the vendor. As a workaround restricted access to authenticated users only and granting the lowest privileges is suggested. Disclousre timeline: 18 VI 2008 Vulerability sent to the vendor. 18 VI 2008 Initial vendor response. 26 VIII 2008 Security bulletin released. Link: http://www.zoneminder.com/ Best regards, Filip Palian.

{"id": "SECURITYVULNS:DOC:20409", "bulletinFamily": "software", "title": "ZoneMinder Multiple Vulnerabilities", "description": "ZoneMinder Multiple Vulnerabilities\r\n\r\nby Filip Palian <filip (dot) palian (at) pjwstk (dot) edu (dot) pl>\r\n\r\nSoftware affected: ZoneMinder <= 1.23.3\r\n\r\nSeverity: Critical\r\n\r\n\r\nDescription (from the vendor site):\r\nZoneMinder is an integrated set of applications which provide a complete surveillance solution\r\nallowing capture, analysis, recording and monitoring of any CCTV or security cameras attached to a\r\nLinux based machine.\r\n\r\n\r\nOverview:\r\nZoneMinder is prone to Command Injection, SQL Injcetion and XSS. All attacks are possible because of\r\nlack of user input sanitizing.\r\n\r\nI. Command Injection\r\nIn the "zm_html_view_events.php" function executeFilter() doesn't validate user input.\r\nIn the "zm_html_view_state.php" parameter "run_state" is not validated.\r\n\r\nII. SQL Injcetion\r\nIn the "zm_html_view_event.php" array "filter" is not validated.\r\n\r\nIII .XSS\r\nIn the "zm_html_view_*.php" multiple XSS exists.\r\n\r\n\r\nStatus:\r\nAt the moment no fixes were provided by the vendor. As a workaround restricted access to\r\nauthenticated users only and granting the lowest privileges is suggested.\r\n\r\n\r\nDisclousre timeline:\r\n18 VI 2008 Vulerability sent to the vendor.\r\n18 VI 2008 Initial vendor response.\r\n26 VIII 2008 Security bulletin released.\r\n\r\n\r\nLink:\r\nhttp://www.zoneminder.com/\r\n\r\n\r\nBest regards,\r\nFilip Palian.", "published": "2008-08-26T00:00:00", "modified": "2008-08-26T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20409", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:27", "edition": 1, "viewCount": 31, "enchantments": {"score": {"value": 1.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9244"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9244"]}]}, "exploitation": null, "vulnersScore": 1.0}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645553191, "score": 1659803227}, "_internal": {"score_hash": "ec9397f94cf16b473f0358de4647c9af"}}