I searched around this forum but I haven't seen any mention of the security issues disclosed on bugtraq yesterday:
http://marc.info/?l=bugtraq&m=121976722628485&w=4
I happen to not agree with the "critical" severity as I believe the issues are only exploitable by authenticated users, which is far less exposure than something exposed to anyone on the 'net. But they certainly need fixing.
I haven't started looking in the code yet, but my PHP isn't the best so I doubt I can be very useful. Is any progress being made on this?
New security issue?
CVEs have been assigned
I'm dismayed that there's no response to this. I note that four CVEs have been assigned to these issues:
CVE-2008-3880: SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter.
CVE-2008-3881: Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to unspecified "zm_html_view_*.php" files.
CVE-2008-3882: ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands (aka "Command Injection") via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.
Fixes have already been made in 1.24.x. If you have authentication turned on, you are not susceptible unless someone trying these has a login.
[edit] Just so no one gets confused, at this time 1.24.0 is still in development.
Last edited by cordel on Tue Sep 02, 2008 10:33 pm, edited 1 time in total.
coke wrote: Did I miss the 1.24.x release notice?
No. 1.24 hasn't been released to the public yet.
Last edited by curtishall on Tue Sep 02, 2008 9:44 pm, edited 1 time in total.
coke wrote: Did I miss the 1.24.x release notice?
curtishall wrote: No. 1.24 hasn't been released to the public yet and is currently in RC status.
Actually, we are working towards RC status. It's not there yet, sorry, I should have articulated that more, but the issues will be covered when it releases.
Phil has completely redone the web interface.