Vulnerability CVE-2009-0759

Vulnerability Name:

CVE-2009-0759 (CCN-48891)

Assigned:

2009-02-24

Published:

2009-02-24

Updated:

2009-06-09

Summary:

Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-94

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2009-0759

Source: CCN
Type: ZNC Changelog
ZNC

Source: OSVDB
Type: UNKNOWN
52295

Source: CCN
Type: SA34043
ZNC webadmin Configuration File Manipulation Vulnerability

Source: SECUNIA
Type: UNKNOWN
34230

Source: DEBIAN
Type: UNKNOWN
DSA-1735

Source: DEBIAN
Type: DSA-1735
znc -- missing input sanitization

Source: CCN
Type: GLSA-200903-02
ZNC: Privilege escalation

Source: MLIST
Type: UNKNOWN
[oss-security] 20090301 CVE id request: znc

Source: CCN
Type: OSVDB ID: 52295
ZNC Webadmin Module znc.conf QuitMessage Field Security Restriction Bypass

Source: CCN
Type: BID-33899
ZNC Webadmin Module Remote Privilege Escalation Vulnerability

Source: CONFIRM
Type: Vendor Advisory
http://znc.svn.sourceforge.net/viewvc/znc/trunk/modules/webadmin.cpp?view=log&sortby=rev&sortdir=down&pathrev=1395

Source: CONFIRM
Type: Vendor Advisory
http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1395

Source: CONFIRM
Type: Vendor Advisory
http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1396

Source: XF
Type: UNKNOWN
znc-webadmin-privilege-escalation(48891)

Vulnerable Configuration:

Configuration 1:

cpe:/a:znc:znc:0.056:*:*:*:*:*:*:*

OR cpe:/a:znc:znc:0.058:*:*:*:*:*:*:*

OR cpe:/a:znc:znc:*:*:*:*:*:*:*:* (Version <= 0.062)

Configuration CCN 1:

cpe:/a:znc:znc:0.064:*:*:*:*:*:*:*

OR cpe:/a:znc:znc:0.062:*:*:*:*:*:*:*

OR cpe:/a:znc:znc:0.060:*:*:*:*:*:*:*

OR cpe:/a:znc:znc:0.058:*:*:*:*:*:*:*

OR cpe:/a:znc:znc:0.056:*:*:*:*:*:*:*

OR cpe:/a:znc:znc:0.054:*:*:*:*:*:*:*

OR cpe:/a:znc:znc:0.052:*:*:*:*:*:*:*

OR cpe:/a:znc:znc:0.050:*:*:*:*:*:*:*

OR cpe:/a:znc:znc:0.047:*:*:*:*:*:*:*

OR cpe:/a:znc:znc:0.045:*:*:*:*:*:*:*

OR cpe:/a:znc:znc:0.044:*:*:*:*:*:*:*

OR cpe:/a:znc:znc:0.041:*:*:*:*:*:*:*

OR cpe:/a:znc:znc:0.034:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:8315	P	DSA-1735 znc -- missing input sanitisation	2014-06-23
oval:org.mitre.oval:def:13146	P	DSA-1735-1 znc -- missing input sanitisation	2014-06-23
oval:org.debian:def:1735	V	missing input sanitization	2009-03-10

BACK