Bug 1429952 (CVE-2016-10201, CVE-2016-10202, CVE-2016-10203, CVE-2016-10204, CVE-2016-10205, CVE-2016-10206, CVE-2017-7203) - CVE-2016-10201 CVE-2016-10202 CVE-2016-10203 CVE-2016-10204 CVE-2016-10205 CVE-2016-10206 CVE-2017-7203 zoneminder: Multiple security issues
Status: CLOSED UPSTREAM
Alias: CVE-2016-10201, CVE-2016-10202, CVE-2016-10203, CVE-2016-10204, CVE-2016-10205, CVE-2016-10206, CVE-2017-7203
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1429953
Reported: 2017-03-07 15:02 UTC by Andrej Nemec
Modified: 2021-02-17 02:29 UTC

Last Closed: 2019-06-08 03:08:49 UTC

Description Andrej Nemec 2017-03-07 15:02:18 UTC
Multiple security vulnerabilities in zoneminder were reported.

CVE-2016-10201 - Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.

CVE-2016-10202 - Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.

CVE-2016-10203 - Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.

CVE-2016-10204 - SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.

CVE-2016-10205 - Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie.

CVE-2016-10206 - Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.

External References:

https://www.foxmole.com/advisories/foxmole-2016-07-05.txt

Comment 1 Andrej Nemec 2017-03-07 15:02:42 UTC
Created zoneminder tracking bugs for this issue:

Affects: fedora-all [bug 1429953]

Comment 2 Andrej Nemec 2017-03-22 08:50:48 UTC
CVE-2017-7203:

A Cross-Site Scripting (XSS) vulnerability was discovered in ZoneMinder. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

References:

https://github.com/ZoneMinder/ZoneMinder/issues/1797

Comment 3 Product Security DevOps Team 2019-06-08 03:08:49 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
