Oval Definition:oval:org.mitre.oval:def:13146
Revision Date:2014-06-23Version:19
Title:DSA-1735-1 znc -- missing input sanitisation
Description:It was discovered that znc, an IRC proxy/bouncer, does not properly sanitise input contained in configuration change requests to the webadmin interface. This allows authenticated users to elevate their privileges and indirectly execute arbitrary commands. For the old stable distribution, this problem has been fixed in version 0.045-3+etch2. For the stable distribution, this problem has been fixed in version 0.058-2+lenny1. For the unstable distribution, this problem has been fixed in version 0.066-1. We recommend that you upgrade your znc packages.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-0759
DSA-1735-1
Platform(s):Debian GNU/Linux 4.0
Product(s):znc
Definition Synopsis
  • Debian GNU/Linux 4.0 is installed.
  • AND Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is powerpc
  • OR Installed architecture is i386
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND znc DPKG is earlier than 0.045-3+etch2
    • BACK