Debian DSA-2640-1 Critical: Zoneminder Remote Code Exec & File Inclusion

March 14, 2013
This Debian security advisory addresses remote code execution and file inclusion vulnerabilities in zoneminder. Immediate upgrade is advised.
Summary

Multiple vulnerabilities were discovered in zoneminder, a Linux video
camera security and surveillance solution. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2013-0232

Brendan Coles discovered that zoneminder is prone to an arbitrary
command execution vulnerability. Remote (authenticated) attackers could execute arbitrary commands as the web server user.

CVE-2013-0332

zoneminder is prone to a local file inclusion vulnerability. Remote
attackers could examine files on the system running zoneminder.

For the stable distribution (squeeze), these problems have been fixed in
version 1.24.2-8+squeeze1.

For the testing distribution (wheezy), these problems have been fixed in
version 1.25.0-4.

For the unstable distribution (sid), these problems have been fixed in
version 1.25.0-4.

We recommend that you upgrade your zoneminder packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently as...

Severity: critical

Package: zoneminder
CVE ID: CVE-2013-0232 CVE-2013-0332