Detections
Analytics
Debian DSA-2640-1 : zoneminder - several issues
high Nessus Plugin ID 65556
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Multiple vulnerabilities were discovered in zoneminder, a Linux video camera security and surveillance solution. The Common Vulnerabilities and Exposures project identifies the following problems :- CVE-2013-0232 Brendan Coles discovered that zoneminder is prone to an arbitrary command execution vulnerability. Remote (authenticated) attackers could execute arbitrary commands as the web server user.
- CVE-2013-0332 zoneminder is prone to a local file inclusion vulnerability. Remote attackers could examine files on the system running zoneminder.
Solution
Upgrade the zoneminder packages.For the stable distribution (squeeze), these problems have been fixed in version 1.24.2-8+squeeze1.
See Also
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912
https://security-tracker.debian.org/tracker/CVE-2013-0232
https://security-tracker.debian.org/tracker/CVE-2013-0332
Plugin Details
Severity: High
ID: 65556
File Name: debian_DSA-2640.nasl
Version: 1.12
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 3/15/2013
Updated: 1/11/2021
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.2
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:zoneminder, cpe:/o:debian:debian_linux:6.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/14/2013
Exploitable With
Metasploit (ZoneMinder Video Server packageControl Command Execution)
Reference Information
CVE: CVE-2013-0232, CVE-2013-0332
DSA: 2640