
Package: znc
Version: 0.045-3+etch1
Tags: Security
Severity: critical

All ZNC versions which have webadmin contain a privilege escalation bug in
webadmin. This bug was fixed with znc 0.066.

A quote from the changelog[1]:

Webadmin doesn't properly validate user input. If you send a manipulated POST
request to webadmin's edit user page which includes newlines in e.g. the
QuitMessage field, this field will be written unmodified to the config. This way
you can add new lines to znc.conf. The new lines will not be parsed until the
next rehash or restart.
This can be done with nearly all input fields in webadmin. Because every user
can modify himself via webadmin, every user can exploit this bug.

[1] http://en.znc.in/wiki/ChangeLog/0.066
-- 
"Do you know that books smell like nutmeg or some spice from a foreign land?"
                                                  -- Faber in Fahrenheit 451
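The newline-into-config defect the changelog quote describes, as an added example that is not ZNC's own code: a constructed, simplified "Key = Value" block writer that reproduces the failure beside a checked writer that rejects line breaks in any edit-user field. The field names, the `alice` user and the `Injected` directive are constructed for illustration.

```cpp
#include <map>
#include <sstream>
#include <stdexcept>
#include <string>

using Fields = std::map<std::string, std::string>;

// Constructed, simplified writer standing in for the config writer the
// report describes (not ZNC's code). Values are written unmodified, which
// is the defect: an embedded newline becomes a new directive on reload.
std::string writeUserBlock(const Fields& fields) {
    std::ostringstream out;
    out << "<User alice>\n";
    for (const auto& kv : fields)
        out << "\t" << kv.first << " = " << kv.second << "\n";
    out << "</User>\n";
    return out.str();
}

// Count directive lines the way a line-oriented loader would see them.
int countDirectives(const std::string& config) {
    std::istringstream in(config);
    std::string line;
    int n = 0;
    while (std::getline(in, line))
        if (line.find(" = ") != std::string::npos) ++n;
    return n;
}

// Hardened check: a single-line field must not contain CR or LF.
bool isSafeConfigValue(const std::string& value) {
    return value.find_first_of("\r\n") == std::string::npos;
}

// Writer that validates before serialising; rejects the request outright.
std::string writeUserBlockChecked(const Fields& fields) {
    for (const auto& kv : fields)
        if (!isSafeConfigValue(kv.second))
            throw std::invalid_argument("line break in field " + kv.first);
    return writeUserBlock(fields);
}

// Helpers comparing both writers on one submitted QuitMessage value.
int directivesWritten(const std::string& quitMessage) {
    return countDirectives(writeUserBlock({{"QuitMessage", quitMessage}}));
}

bool checkedWriterRejects(const std::string& quitMessage) {
    try { writeUserBlockChecked({{"QuitMessage", quitMessage}}); }
    catch (const std::invalid_argument&) { return true; }
    return false;
}
```

A one-field submission yields one directive with either writer; a value carrying a newline yields two with the naive writer and is refused by the checked one.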