[ASA-201807-11] znc: multiple issues

Santiago Torres-Arias santiago at archlinux.org
Fri Jul 20 15:43:14 UTC 2018


Arch Linux Security Advisory ASA-201807-11
==========================================

Severity: High
Date    : 2018-07-19
CVE-ID  : CVE-2018-14055 CVE-2018-14056
Package : znc
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-737

Summary
=======

The package znc before version 1.7.1-1 is vulnerable to multiple issues
including privilege escalation and directory traversal.

Resolution
==========

Upgrade to 1.7.1-1.

# pacman -Syu "znc>=1.7.1-1"

The problems have been fixed upstream in version 1.7.1.

Workaround
==========

None.

Description
===========

- CVE-2018-14055 (privilege escalation)

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming
from the network, allowing a non-admin user to escalate privilege,
inject rogue values into znc.conf, and gain shell access.

- CVE-2018-14056 (directory traversal)

ZNC before 1.7.1-rc1 is prone to a path traversal flaw. A non-admin
user can set web skin name to ../ to access files outside of the
intended skins directories and to cause DoS.

Impact
======

An authenticated non-admin user is able to read arbitrary files, crash
the application, escalate privileges, or execute arbitrary commands on
the host.

References
==========

https://wiki.znc.in/ChangeLog/1.7.1
https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
https://marc.info/?l=oss-security&m=153190583604081
https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
https://marc.info/?l=oss-security&m=153190593904101
https://security.archlinux.org/CVE-2018-14055
https://security.archlinux.org/CVE-2018-14056
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20180720/4c135d20/attachment.asc>


More information about the arch-security mailing list