ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-04-27T22:00:00

Updated: 2024-08-07T11:42:00.804Z

Reserved: 2009-04-27T00:00:00

Link: CVE-2008-6755

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-04-27T22:30:00.217

Modified: 2017-08-17T01:29:32.770

Link: CVE-2008-6755

cve-icon Redhat

No data.