Ubuntu
znc package

Security Issue in all ZNC <0.066

Bug #343494 reported by canofspam3
256
Affects Status Importance Assigned to Milestone
znc (Ubuntu)
Fix Released
Undecided
Unassigned
Declined for Jaunty by Marc Deslauriers
Hardy
Won't Fix
Undecided
Unassigned

Bug Description

Binary package hint: znc

"There was a privilege escalation bug in webadmin which could allow all ZNC users to write to znc.conf. They could gain shell access through this."

http://en.znc.in/wiki/ChangeLog/0.066
http://web.nvd.nist.gov/view/vuln/detail?execution=e1s1

CVE References

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityUpdateProcedures

Changed in znc:
status: New → Confirmed
Marc Deslauriers (mdeslaur)
Changed in znc (Ubuntu Hardy):
status: New → Confirmed
Changed in znc (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. hardy has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against hardy is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in znc (Ubuntu Hardy):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.