Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-0759

Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.

Related bugs and status

CVE-2009-0759 (Candidate) is related to these bugs:

Bug #343494: Security Issue in all ZNC <0.066

Summary				In	Importance	Status
	343494	Security Issue in all ZNC <0.066		znc (Ubuntu)	Undecided	Fix Released
	343494	Security Issue in all ZNC <0.066		znc (Ubuntu Hardy)	Undecided	Won't Fix

Bug #345497: Vulnerability in znc package

Summary				In	Importance	Status
	345497	Vulnerability in znc package		znc (Ubuntu)	Undecided	Fix Released
	345497	Vulnerability in znc package		znc (Ubuntu Hardy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009030...
DEBIAN: DSA-1735
SECUNIA: 34230
OSVDB: 52295
CONFIRM: http://znc.svn.sourcef...
CONFIRM: http://znc.svn.sourcef...
CONFIRM: http://znc.svn.sourcef...