CVE-2018-14055

Published: 15/07/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

ZNC prior to 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

Vulnerable Product

znc znc

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #903787 znc: CVE-2018-14055: privilege escalation to admin permission (injection of rogue values in znc.conf). Package: src:znc; Maintainer for src:znc is Patrick Matthäi <pmatthaei@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 14 Jul 2018 20:03:01 UTC; Severity ...

Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service. For the stable distribution (stretch), these problems have been fixed in version 1.6.5-1+deb9u1. We recommend that you upgrade your znc packages. For the detailed security status of znc please refer to its security track ...

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate privilege, inject rogue values into znc.conf, and gain shell access ...