| Summary: | <net-irc/znc-1.0-r2 : Multiple NULL Pointer Dereference Vulnerabilities (CVE-2013-2130) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | net-irc, wired |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://secunia.com/advisories/53450/ | ||
| Whiteboard: | B3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
The issue is fixed in =net-irc/znc-1.0-r2 which is ready for stabilization. amd64: pass amd64: ok (builds, runs) x86 stable amd64 stable GLSA vote: yes GLSA Vote: Yes Created a New GLSA request. CVE-2013-2130 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2130): ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp. This issue was resolved and addressed in GLSA 201412-31 at http://security.gentoo.org/glsa/glsa-201412-31.xml by GLSA coordinator Sean Amoss (ackle). |
From ${URL} : Description Multiple vulnerabilities have been reported in ZNC, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerabilities are caused due to errors when handling the "editnetwork", "editchan", "addchan", and "delchan" page requests and can be exploited to cause a NULL pointer dereference. The vulnerabilities are reported in version 1.0. Solution Fixed in the git repository. Provided and/or discovered by The vendor credits Simone "ChauffeR" Esposito. Original Advisory ZNC: https://github.com/znc/znc/commit/2bd410ee5570cea127233f1133ea22f25174eb28 @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.