Executive Summary
Summary | |
---|---|
Title | New znc packages fix remote code execution |
Information | |||
---|---|---|---|
Name | DSA-1848 | First vendor Publication | 2009-08-02 |
Vendor | Debian | Last vendor Modification | 2009-08-02 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
It was discovered that znc, an IRC proxy, did not properly process certain DCC requests, allowing attackers to upload arbitrary files. For the old stable distribution (etch), this problem has been fixed in version 0.045-3+etch3. For the stable distribution (lenny), this problem has been fixed in version 0.058-2+lenny3. For the unstable distribution (sid), this problem has been fixed in version 0.074-1. We recommend that you upgrade your znc package.
Original Source
Url : http://www.debian.org/security/2009/dsa-1848
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OpenVAS Exploits
Date | Description |
---|---|
2009-09-15 | Name : Gentoo Security Advisory GLSA 200909-17 (znc) File : nvt/glsa_200909_17.nasl |
2009-08-17 | Name : Debian Security Advisory DSA 1848-1 (znc) File : nvt/deb_1848_1.nasl |
2009-07-29 | Name : Fedora Core 10 FEDORA-2009-7937 (znc) File : nvt/fcore_2009_7937.nasl |
2009-07-29 | Name : Fedora Core 11 FEDORA-2009-7952 (znc) File : nvt/fcore_2009_7952.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56184 | ZNC DCC Send Command Traversal Arbitrary File Upload |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1848.nasl - Type : ACT_GATHER_INFO |
2009-09-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200909-17.nasl - Type : ACT_GATHER_INFO |
2009-07-24 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7937.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:28:40 | |