CVE-2018-14055

Published: 15/07/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

ZNC prior to 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

Vulnerable Product

znc znc

debian debian linux 9.0

Vendor Advisories

Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service. For the stable distribution (stretch), these problems have been fixed in version 1.6.5-1+deb9u1. We recommend that you upgrade your znc packages. For the detailed security status of znc please refer to its security track ...
Debian Bug report logs - #903787. znc: CVE-2018-14055: privilege escalation to admin permission (injection of rogue values in znc.conf). Package: src:znc; Maintainer for src:znc is Patrick Matthäi <pmatthaei@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 14 Jul 2018 20:03:01 UTC; Severity ...
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate privilege, inject rogue values into znc.conf, and gain shell access ...
Arch Linux Security Advisory ASA-201807-11
==========================================
Severity: High
Date    : 2018-07-19
CVE-ID  : CVE-2018-14055 CVE-2018-14056
Package : znc
Type    : multiple issues
Remote  : Yes
Link    : security.archlinux.org/AVG-737
Summary
=======
The package znc before version 1.7.1-1 is vulnerable to multiple i ...

Mailing Lists

Debian Security Advisory DSA-4252-1
security@debian.org
www.debian.org/security/
Moritz Muehlenhoff
July 18, 2018
www.debian.org/security/faq ...