219694 – (CVE-2008-1381) www-misc/zoneminder <1.23.3 Unspecified Code Execution Vulnerabilities (CVE-2008-1381,CVE-2008-2033)

Bug 219694 (CVE-2008-1381) - www-misc/zoneminder <1.23.3 Unspecified Code Execution Vulnerabilities (CVE-2008-1381,CVE-2008-2033)

Summary: www-misc/zoneminder <1.23.3 Unspecified Code Execution Vulnerabilities (CVE-2...

Status:	RESOLVED FIXED

Alias:	CVE-2008-1381

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/29995/
Whiteboard:	~1 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-04-29 09:05 UTC by Joel
Modified:	2008-05-06 15:35 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Joel 2008-04-29 09:05:16 UTC

Secunia:

Description:
Some vulnerabilities have been reported in ZoneMinder, which potentially can be exploited by malicious users to compromise a vulnerable system.

The vulnerabilities are caused due to unspecified errors and can be exploited to execute arbitrary code.

Solution:
Update to version 1.23.3.

Original Advisory:
http://www.zoneminder.com/wiki/index.php/Change_History#Release_1.23.3

Comment 1 Joel 2008-04-29 09:28:48 UTC

http://www.awe.com/mark/blog/200804272230.html (thanks to thoger)

Comment 2 Gunnar Wrobel (RETIRED) gentoo-dev

2008-05-06 10:01:42 UTC

zoneminder-1.23.3 is in the tree. All versions were marked unstable and I'm going to remove the older versions once I got feedback that the newer ebuild works fine.

Comment 3 Robert Buchholz (RETIRED) gentoo-dev

2008-05-06 15:34:57 UTC

thanks, closing then.