[Secure-testing-team] Bug#484570: [motion] motion.conf world readable and thus writable through web interface by default
Nico Golde
nion at debian.org
Wed Jun 4 23:41:30 UTC 2008
Package: motion
Version: 3.2.3-2.1
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org

Hi,
the default configuration file of motion is world-readable
in default installations on Debian:

ls -l /etc/motion/motion.conf
-rw-r--r-- 1 root root 22085 5. Jun 00:49 /etc/motion/motion.conf

That basically makes the control_authentication which is
used for http authentication useless as an attacker can read
login credentials and then change the configuration to
whatever he likes via the web interface of motion (for
example switching off motion detection).

Kind regards
Nico

--- System information. ---
Architecture: amd64
Kernel: Linux 2.6.24-1-amd64
Debian Release: lenny/sid
500 unstable debian.netcologne.de
--- Package information. ---
Depends (Version)                          | Installed
==========================================-+-===================
libavcodec51 (>= 0.svn20080206)            | 0.svn20080206-7
libavformat52 (>= 0.svn20080206)           | 0.svn20080206-7
libavutil49 (>= 0.svn20080206)             | 0.svn20080206-7
libc6 (>= 2.7-1)                           | 2.7-12
libjpeg62                                  | 6b-14
libmysqlclient15off (>= 5.0.27-1)          | 5.0.51a-6
libpq5 (>= 8.3~beta1)                      | 8.3.1-2+b1
debconf (>= 0.5)                           | 1.5.22
OR debconf-2.0                             |
adduser                                    | 3.107
debconf                                    | 1.5.22
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
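
A local check for the condition this report describes, as an added example that is not part of the original mail or of the motion package. The function names are hypothetical, and it assumes that lines starting with '#' or ';' are comments in motion.conf.

```shell
#!/bin/sh
# Audit a motion configuration file for the exposure described in this bug:
# web-control credentials stored in a file that any local user can read.
# Usage: sh audit_motion_conf.sh /etc/motion/motion.conf

# True when the file has an active (uncommented) control_authentication line.
# Assumption: '#' and ';' start comment lines, so only lines that begin with
# the option name (after optional whitespace) count. The value is not printed.
has_control_auth() {
    grep -Eq '^[[:space:]]*control_authentication[[:space:]]+[^[:space:]]' "$1" 2>/dev/null
}

# True when "other" has the read bit set. Uses POSIX find; -H makes a
# symlinked config report the permissions of its target, not of the link.
world_readable() {
    [ -n "$(find -H "$1" -prune -perm -004 2>/dev/null)" ]
}

# Return codes: 0 = no exposure, 1 = credentials readable by all local users,
# 2 = path is missing or not a regular file.
audit_motion_conf() {
    conf=$1
    if [ ! -f "$conf" ]; then
        echo "$conf: not a regular file" >&2
        return 2
    fi
    if world_readable "$conf"; then
        if has_control_auth "$conf"; then
            echo "EXPOSED: $conf is world-readable and sets control_authentication"
            return 1
        fi
        echo "NOTE: $conf is world-readable but sets no control_authentication"
    else
        echo "OK: $conf is not world-readable"
    fi
    return 0
}

# Run the audit only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_motion_conf "$1"
fi
```
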