Fedora 11: ZNC 0.072-3 Critical: Data Traversal File Overwrite Fix
fedora
July 23, 2009
No CVE yet, one has been requested
Summary
ZNC is an IRC bouncer with many advanced features like detaching,
multiple users, per channel playback buffer, SSL, IPv6, transparent
DCC bouncing, Perl and C++ module support to name a few.
Update Information:
No CVE yet, one has been requested. Upgrade to 0.072 of ZNC, fixes security
issue in bug 513152 An users data directory traversal flaw was found in the
way ZNC used to handle file upload requests via Direct Client Connection (DCC)
/dcc SEND messages. A remote IRC user could issue a /dcc SEND message with a
specially-crafted content (file to upload), which once accepted by a local,
unsuspecting ZNC user, would overwrite relevant files in the
users/
Topics Covered
Change Log
References
[ 1 ] Bug #513152 - ZNC: Users data directory traversal flaw via Direct Client Connection message
https://bugzilla.redhat.com/show_bug.cgi?id=513152
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update znc' at the command line. For more information, refer to "Managing Software with yum", available at .
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: znc
Product: Fedora 11
Version: 0.072
Release: 3.fc11
URL: Summary : An advanced IRC bouncer
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!