FEDORA-EPEL-2009-0117 created by nb 11 years ago for Fedora EPEL 5
stable

No CVE yet, one has been requested.

Upgrade to 0.072 of ZNC, fixes security issue in bug 513152

An users data directory traversal flaw was found in the way ZNC used to handle file upload requests via Direct Client Connection (DCC) /dcc SEND messages. A remote IRC user could issue a /dcc SEND message with a specially-crafted content (file to upload), which once accepted by a local, unsuspecting ZNC user, would overwrite relevant files in the users/<user>/downloads data directory.

This update has been pushed to stable

11 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
11 years ago
in stable
11 years ago
modified
11 years ago
BZ#513152 ZNC: Users data directory traversal flaw via Direct Client Connection message
0
0

Automated Test Results