Bug 260148 (CVE-2009-0759) - <net-irc/znc-0.066 Privilege escalation when using webadmin (CVE-2009-0759)
Status: RESOLVED FIXED
Alias: CVE-2009-0759
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://en.znc.in/wiki/ChangeLog/0.066
Whiteboard: C1 [glsa]
Duplicates: 259902
Reported: 2009-02-24 17:11 UTC by Robert Förster
Modified: 2009-03-06 22:42 UTC
Description Robert Förster 2009-02-24 17:11:11 UTC
See the URL for more info.

Reproducible: Always
Comment 1 Conrad Kostecki gentoo-dev 2009-02-25 11:01:58 UTC
*** Bug 259902 has been marked as a duplicate of this bug. ***
Comment 2 Raúl Porcel (RETIRED) gentoo-dev 2009-02-25 18:42:43 UTC
Please stabilize =net-irc/znc-0.066
Arches: amd64 x86
Comment 3 Markus Meier gentoo-dev 2009-02-25 20:09:40 UTC
amd64/x86 stable, all arches done.
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2009-03-04 17:09:02 UTC
CVE-2009-0759 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0759):
  Multiple CRLF injection vulnerabilities in webadmin in ZNC before
  0.066 allow remote authenticated users to modify the znc.conf
  configuration file and gain privileges via CRLF sequences in the quit
  message and other vectors.

Comment 5 Tobias Heinlein (RETIRED) gentoo-dev 2009-03-05 20:12:06 UTC
GLSA request filed.
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2009-03-06 22:42:55 UTC
GLSA 200903-02, thanks everyone.