Summary: | <net-irc/znc-0.066 Privilege escalation when using webadmin (CVE-2009-0759)
---|---
Product: | Gentoo Security
Reporter: | Robert Förster <Dessa>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | major
CC: | conikost, net-irc
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://en.znc.in/wiki/ChangeLog/0.066
Whiteboard: | C1 [glsa]
Package list: |
Runtime testing required: | ---

Description
Robert Förster
2009-02-24 17:11:11 UTC
*** Bug 259902 has been marked as a duplicate of this bug. ***

Please stabilize =net-irc/znc-0.066
Arches: amd64 x86

amd64/x86 stable, all arches done.

CVE-2009-0759 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0759):
Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.

GLSA request filed.

GLSA 200903-02, thanks everyone.
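
The CVE description above attributes the flaw to CRLF sequences in webadmin fields such as the quit message ending up in znc.conf. The following C++ is an added illustration, not ZNC's code and not part of this bug report: it assumes a simplified `Key = Value` block format and uses hypothetical function names to show a verbatim config writer beside one that rejects line breaks, plus a line-based key count that exposes the difference.

```cpp
// Added example: simplified "Key = Value" config writer, not ZNC source code.
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// "Before" pattern: the user-supplied value is written verbatim.
std::string write_user_naive(const std::string& name, const std::string& quit_msg) {
    return "<User " + name + ">\n"
           "\tQuitMsg = " + quit_msg + "\n"
           "\tAdmin = false\n"
           "</User>\n";
}

// A value that must occupy exactly one config line may not contain CR or LF.
bool has_line_break(const std::string& s) {
    return s.find_first_of("\r\n") != std::string::npos;
}

// Hardened form: refuse the write instead of emitting extra lines.
bool write_user_checked(const std::string& name, const std::string& quit_msg,
                        std::string& out) {
    if (has_line_break(name) || has_line_break(quit_msg)) return false;
    out = write_user_naive(name, quit_msg);
    return true;
}

// Keys of all "Key = Value" lines, as a line-based config parser would see them.
std::vector<std::string> setting_keys(const std::string& config) {
    std::vector<std::string> keys;
    std::istringstream in(config);
    for (std::string line; std::getline(in, line);) {
        const auto eq = line.find(" = ");
        const auto start = line.find_first_not_of(" \t");
        if (eq == std::string::npos || start == std::string::npos || start >= eq) continue;
        keys.push_back(line.substr(start, eq - start));
    }
    return keys;
}

int main() {
    // Constructed input: a quit message carrying a CRLF and a second setting.
    const std::string msg = "bye\r\nAdmin = true";
    std::string out;
    std::cout << "naive writer emits " << setting_keys(write_user_naive("alice", msg)).size()
              << " settings for a 2-setting block\n"
              << "checked writer " << (write_user_checked("alice", msg, out) ? "accepted" : "rejected")
              << " the value\n";
}
```

Comparing the number of settings written with the number read back is also a usable regression check for any field that reaches the config file.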