CVE-2008-6756 — Zoneminder vulnerability

CWE-2644 documents4 sources

Severity

2.1LOWNVD

EPSS

0.0%

top 88.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zoneminder Debian Zoneminder

Timeline

PublishedApr 27

Latest updateMay 17

Description

ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/zoneminder< zoneminder 1.22.3-5 (bookworm)

▶Debianzoneminder/zoneminder< 1.22.3-5+3

▶NVDzoneminder/zoneminder1.23.3

🔴Vulnerability Details

GHSA

GHSA-cwv7-hqww-jxgw: ZoneMinder 1↗2022-05-17

▶

OSV

CVE-2008-6756: ZoneMinder 1↗2009-04-27

▶

📋Vendor Advisories

Debian

CVE-2008-6756: zoneminder - ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which ...↗2008

▶