You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa ZNC

Sigurnosni nedostatak programskog paketa ZNC

by - 0

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201908-15
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
https://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: ZNC: Privilege escalation
Date: August 15, 2019
Bugs: #688152
ID: 201908-15

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis
========

A vulnerability in ZNC allows users to escalate privileges.

Background
==========

ZNC is an advanced IRC bouncer.

Affected packages
=================

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 net-irc/znc < 1.7.4_rc1 >= 1.7.4_rc1

Description
===========

It was discovered that ZNC’s “Modules.cpp” allows remote authenticated
non-admin users to escalate privileges.

Impact
======

A remote authenticated attacker could escalate privileges and
subsequently execute arbitrary code or conduct a Denial of Service
attack.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ZNC users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>=net-irc/znc-1.7.4_rc1”

References
==========

[ 1 ] CVE-2019-12816
https://nvd.nist.gov/vuln/detail/CVE-2019-12816

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201908-15

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

—–BEGIN PGP SIGNATURE—–

iQEzBAABCAAdFiEEDA48qNrrn8VVVcst4yp5f7HQy3AFAl1VgMEACgkQ4yp5f7HQ
y3Buwwf+MSnhFLybsJ6EBMP8ZgBzDUGuzJOkoTBmu5+g64cvgBDhMxQCOoxKjRF2
tCafvLlAajGsZX49ir+gysshZXrMW/VEj+I5Hk7fTqi6Dn6WSUAtf+36NotO3Ozg
v38ZUxvdKx7dCJytffviUeqatu85iCunTDpeC8k2GNH1ffCdN/6kpgyBF00Ltn2C
toXEUf/UShLRvzYYShGPA3FfrHCiSgOmIeEYtmXJYArW0RHvRMzIgqQh6aEL64Vx
XZM3+yc+gX5LDqvQYYigtOGQhdMYDP3MGvxwdpmtM6MmgI9i3u8q6/LeSHNztZIS
W2WTY7o7dVm0fg/Bad3d8RccaKwbuA==
=cFYB
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libqb

Otkriven je sigurnosni nedostatak programske biblioteke libqb za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje stjecanje uvećanih ovlasti. Savjetuje...

Close