stable

znc-0.072-3.el5

FEDORA-EPEL-2009-0117 created by nb 13 years ago for Fedora EPEL 5

No CVE yet, one has been requested.

Upgrade to 0.072 of ZNC, fixes security issue in bug 513152

An users data directory traversal flaw was found in the way ZNC used to handle file upload requests via Direct Client Connection (DCC) /dcc SEND messages. A remote IRC user could issue a /dcc SEND message with a specially-crafted content (file to upload), which once accepted by a local, unsuspecting ZNC user, would overwrite relevant files in the users/<user>/downloads data directory.

This update has been pushed to stable

13 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
13 years ago
in stable
13 years ago
modified
13 years ago
BZ#513152 ZNC: Users data directory traversal flaw via Direct Client Connection message
0
0

Automated Test Results