Your message dated Fri, 13 Mar 2009 20:01:16 +0000
with message-id <e1lidze-0006x9...@ries.debian.org>
and subject line Bug#516950: fixed in znc 0.045-3+etch2
has caused the Debian Bug report #516950,
regarding znc < 0.066 privilege escalation when using webadmin
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
516950: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516950
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package: znc
Version: 0.045-3+etch1
Tags: Security
Severity: critical
All ZNC versions which have webadmin contain a privilege escalation bug in
webadmin. This bug was fixed with znc 0.066.
A quote from the changelog[1]:
Webadmin doesn't properly validate user input. If you send a manipulated POST
request to webadmin's edit user page which includes newlines in e.g. the
QuitMessage field, this field will be written unmodified to the config. This way
you can add new lines to znc.conf. The new lines will not be parsed until the
next rehash or restart.
This can be done with nearly all input fields in webadmin. Because every user
can modify himself via webadmin, every user can exploit this bug.
[1] http://en.znc.in/wiki/ChangeLog/0.066
- --
"Do you know that books smell like nutmeg or some spice from a foreign land?"
-- Faber in Fahrenheit 451
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmkLHQACgkQABixOSrV998/+gCePRf5EmG7t1+lztdsr+tE3m+3
jJsAoJwhjz7YdyvoLGjRyRSfCdNSClSh
=Hoee
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: znc
Source-Version: 0.045-3+etch2
We believe that the bug you reported is fixed in the latest version of
znc, which is due to be installed in the Debian FTP archive:
znc_0.045-3+etch2.diff.gz
to pool/main/z/znc/znc_0.045-3+etch2.diff.gz
znc_0.045-3+etch2.dsc
to pool/main/z/znc/znc_0.045-3+etch2.dsc
znc_0.045-3+etch2_amd64.deb
to pool/main/z/znc/znc_0.045-3+etch2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 516...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Patrick Matthäi <patrick.matth...@web.de> (supplier of updated znc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 4 Mar 2009 12:07:13 +0200
Source: znc
Binary: znc
Architecture: source amd64
Version: 0.045-3+etch2
Distribution: oldstable-security
Urgency: low
Maintainer: Patrick Matthäi <patrick.matth...@web.de>
Changed-By: Patrick Matthäi <patrick.matth...@web.de>
Description:
znc - an advanced IRC bouncer
Closes: 516950
Changes:
znc (0.045-3+etch2) oldstable-security; urgency=low
.
* Backported upstream patch from the 0.066 release which fixes the handling
of newlines in CHTTPSock::GetParam() and strip them out. This patch fixes
an important privilege escalation in the webadmin module.
Closes: #516950
Files:
1962af4c56b4c4c169832249d6b99f30 962 net optional znc_0.045-3+etch2.dsc
9a514b125b7514811fd03befa73cce77 204863 net optional znc_0.045.orig.tar.gz
c254e989604122fb7267a0fafeddfd95 12817 net optional znc_0.045-3+etch2.diff.gz
80c9126c518abe062265cee5d94ca6f1 793694 net optional
znc_0.045-3+etch2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJJtCauAAoJEL97/wQC1SS+4UsH/R7TOVSGU2ElGTnzm+XpCYN9
w1GK9X+gqEe8L25lmsPWDPsESOtCh4FNc2msh7olF3seh00mxAaumwThp76c7+PX
mZAPLL2S3rH8CK26NejaZ57VLzAaFzv0UYThJB/VnlWmE8912W2tVTObOIC0VT9l
jm2KEtrW46iW+FOCKdHXjlTAs7K8Yry6MfOXfb75I1XYbqPGI8H3bDwVVY6W+SD7
TEBPAB1xZ6E+oSA+aioShES0SRIo2j3gx2nZwMXs5tXDMEm+xApNwiLRq/XJMWrN
ByNzzl8WQXbzwhgQF7ObUFgrT4kvfF/3bs1TBmv/HeDduMN4IpcXPW9FALHgtAI=
=uCgY
-----END PGP SIGNATURE-----
--- End Message ---
