CVE-2008-6755

Published: Apr 27, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.

Affected (1)

Products: Zoneminder: Zoneminder

Zoneminder

1 product

Zoneminder

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zoneminder Zoneminder	Version 1.23.3

Running on/with	Platform Versions
Redhat Fedora	Version 10

Related CWEs

CWE-264

References (6)

https://bugzilla.redhat.com/show_bug.cgi?id=476529

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/50324

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00204.html

Source: cve@mitre.org

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=476529

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/50324

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00204.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.