Summary
Multiple vulnerabilities were discovered in zoneminder, a Linux video camera security and surveillance solution. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2013-0232
Brendan Coles discovered that zoneminder is prone to an arbitrary command execution vulnerability. Remote (authenticated) attackers could execute arbitrary commands as the web server user.
CVE-2013-0332
zoneminder is prone to a local file inclusion vulnerability. Remote attackers could examine files on the system running zoneminder.
Solution
For the stable distribution (squeeze), these problems have been fixed in version 1.24.2-8+squeeze1.
For the testing distribution (wheezy), these problems have been fixed in version 1.25.0-4.
For the unstable distribution (sid), these problems have been fixed in version 1.25.0-4.
We recommend that you upgrade your zoneminder packages.
Insight
ZoneMinder is intended for use in single or multi-camera video security applications, including commercial or home CCTV, theft prevention and child or family member or home monitoring and other care scenarios. It supports capture, analysis, recording, and monitoring of video data coming from one or more video or network cameras attached to a Linux system.
ZoneMinder also supports web and semi-automatic control of Pan/Tilt/Zoom cameras using a variety of protocols. It is suitable for use as a home video security system and for commercial or professional video security and surveillance. It can also be integrated into a home automation system via X.10 or other protocols.
Affected
zoneminder on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2013-0232, CVE-2013-0332
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P