329951 – net-irc/znc DoS (CVE-2010-2448)

Bug 329951 - net-irc/znc DoS (CVE-2010-2448)

Summary: net-irc/znc DoS (CVE-2010-2448)

Status:	RESOLVED DUPLICATE of bug 323965

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://znc.svn.sourceforge.net/viewvc...
Whiteboard:	B4 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2010-07-26 15:54 UTC by Stefan Behte (RETIRED)
Modified:	2010-08-01 12:08 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2010-07-26 15:54:14 UTC

CVE-2010-2448 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2448):
  znc.cpp in ZNC before 0.092 allows remote authenticated users to
  cause a denial of service (crash) by requesting traffic statistics
  when there is an active unauthenticated connection, which triggers a
  NULL pointer dereference, as demonstrated using (1) a traffic link in
  the web administration pages or (2) the traffic command in the /znc
  shell.

Comment 1 Alex Alexander (RETIRED) gentoo-dev

2010-07-27 21:06:31 UTC

This has been addressed in bug #323965.

All affected versions have been removed.

Comment 2 Stefan Behte (RETIRED) gentoo-dev

2010-08-01 12:08:17 UTC

You may mark my bugs as dup. ;)

*** This bug has been marked as a duplicate of bug 323965 ***