
Bug 260148 (CVE-2009-0759)

Summary: <net-irc/znc-0.066 Privilege escalation when using webadmin (CVE-2009-0759)
Product: Gentoo Security
Reporter: Robert Förster <Dessa>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: conikost, net-irc
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://en.znc.in/wiki/ChangeLog/0.066
Whiteboard: C1 [glsa]
Package list:
Runtime testing required: ---

Description Robert Förster 2009-02-24 17:11:11 UTC
See the URL for more info.

Reproducible: Always
Comment 1 Conrad Kostecki gentoo-dev 2009-02-25 11:01:58 UTC
*** Bug 259902 has been marked as a duplicate of this bug. ***
Comment 2 Raúl Porcel (RETIRED) gentoo-dev 2009-02-25 18:42:43 UTC
Please stabilize =net-irc/znc-0.066
Arches: amd64 x86
Comment 3 Markus Meier gentoo-dev 2009-02-25 20:09:40 UTC
amd64/x86 stable, all arches done.
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2009-03-04 17:09:02 UTC
CVE-2009-0759 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0759):
  Multiple CRLF injection vulnerabilities in webadmin in ZNC before
  0.066 allow remote authenticated users to modify the znc.conf
  configuration file and gain privileges via CRLF sequences in the quit
  message and other vectors.
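
The CRLF injection class named in the CVE text above, as an added example that is not ZNC's code and not part of this bug report: a line-oriented `key = value` writer in its unchecked form beside a form that rejects control characters. The function names, the `QuitMsg` setting name and the sample input are assumptions constructed for illustration.

```cpp
// Added illustration; not ZNC source code. All names here are hypothetical.
#include <string>

// Unchecked pattern: the value is written into a line-oriented file as-is, so
// an embedded CR or LF ends the intended line and starts a new one.
std::string write_setting_unsafe(const std::string& key, const std::string& value) {
    return key + " = " + value + "\n";
}

// A string fits on one config line only if it has no control characters
// (CR, LF, NUL, the other bytes below 0x20, and DEL).
bool is_single_line(const std::string& s) {
    for (unsigned char c : s) {
        if (c < 0x20 || c == 0x7f) return false;
    }
    return true;
}

// Hardened pattern: refuse the write rather than silently stripping, so the
// caller can log the rejected input. `out` is left untouched on failure.
bool write_setting_safe(const std::string& key, const std::string& value,
                        std::string& out) {
    if (!is_single_line(key) || !is_single_line(value)) return false;
    out = key + " = " + value + "\n";
    return true;
}

// Number of lines a serialized fragment will occupy in the file.
int count_lines(const std::string& text) {
    int n = 0;
    for (char c : text) {
        if (c == '\n') ++n;
    }
    return n;
}

int main() {
    // Constructed input: a quit message carrying a CRLF and a second directive.
    const std::string crafted = "bye\r\nInjectedKey = injected-value";
    std::string out;
    int unsafe_lines = count_lines(write_setting_unsafe("QuitMsg", crafted));
    bool rejected = !write_setting_safe("QuitMsg", crafted, out);
    bool accepted = write_setting_safe("QuitMsg", "gone for lunch", out);
    return (unsafe_lines == 2 && rejected && accepted) ? 0 : 1;
}
```

The same check belongs on every user-editable field that ends up in the file, since the CVE text lists the quit message as only one of several vectors.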

Comment 5 Tobias Heinlein (RETIRED) gentoo-dev 2009-03-05 20:12:06 UTC
GLSA request filed.
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2009-03-06 22:42:55 UTC
GLSA 200903-02, thanks everyone.