Vulnerability Description
Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.
CVSS Score
6.5
MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Znc | Znc | <= 0.062 |
Related Weaknesses (CWE)
References
- http://osvdb.org/52295
- http://secunia.com/advisories/34230
- http://www.debian.org/security/2009/dsa-1735
- http://www.openwall.com/lists/oss-security/2009/03/01/2
- http://znc.svn.sourceforge.net/viewvc/znc/trunk/modules/webadmin.cpp?view=log&soVendor Advisory
- http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revisVendor Advisory
- http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revisVendor Advisory
- http://osvdb.org/52295
- http://secunia.com/advisories/34230
- http://www.debian.org/security/2009/dsa-1735
- http://www.openwall.com/lists/oss-security/2009/03/01/2
- http://znc.svn.sourceforge.net/viewvc/znc/trunk/modules/webadmin.cpp?view=log&soVendor Advisory
- http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revisVendor Advisory
- http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revisVendor Advisory
FAQ
What is CVE-2009-0759?
CVE-2009-0759 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit me...
How severe is CVE-2009-0759?
CVE-2009-0759 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0759?
Check the references section above for vendor advisories and patch information. Affected products include: Znc Znc.