| Field | Value |
|---|---|
| Summary | www-misc/zoneminder allow any user to read configuration-files (CVE-2008-6756) |
| Product | Gentoo Security |
| Component | Default Configs |
| Reporter | Rune Andresen <andresen-gentoo> |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | minor |
| Priority | High |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Whiteboard | ~3 [noglsa] |
| Package list | |
| Runtime testing required | --- |

Description
Rune Andresen
2008-12-12 16:54:17 UTC
fixed in cvs. albeit without bumping the revision as I'm considering masking the package anyhow (see bug #236517).

webapps done. thanks, closing.

CVE-2008-6756 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6756): ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.
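
A check for the condition the CVE entry describes, as an added example that is not part of the original bug report or of the Gentoo fix. The function names are hypothetical, and the key names `ZM_DB_USER` / `ZM_DB_PASS` are assumed from the zm.conf format rather than taken from this page.

```shell
#!/bin/sh
# Audit a config file for the CVE-2008-6756 condition: database
# credentials stored in a file that "other" users can read.

# Exit status 0 if the other-read bit is set, 1 if not, 2 if no such file.
is_world_readable() {
    [ -f "$1" ] || return 2
    # POSIX find: "-perm -004" matches when the other-read bit is set.
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Exit status 0 if the file assigns database credentials.
# Key names are an assumption about zm.conf, not stated on the page.
has_db_credentials() {
    grep -Eq '^[[:space:]]*ZM_DB_(USER|PASS)[[:space:]]*=' "$1"
}

# Print one verdict: MISSING, RESTRICTED, READABLE or EXPOSED.
audit_conf() {
    rc=0
    is_world_readable "$1" || rc=$?
    case "$rc" in
        2) echo MISSING ;;
        1) echo RESTRICTED ;;
        *) if has_db_credentials "$1"; then
               echo EXPOSED      # world-readable and holds credentials
           else
               echo READABLE     # world-readable, no credentials found
           fi ;;
    esac
}

# Remove all access for "other"; owner and group bits are left alone.
# The service account that needs the file must then be owner or in its group.
harden_conf() {
    chmod o-rwx "$1"
}

# Report on any files named on the command line, e.g. /etc/zm.conf.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        printf '%s %s\n' "$(audit_conf "$f")" "$f"
    done
fi
```
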