ZNC security report: CVEs for Lucid, Hardy
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
znc (Ubuntu) | Fix Released | Undecided | Unassigned |
Hardy | Won't Fix | Undecided | Unassigned |
Lucid | Fix Released | Undecided | Thomas Ward |
Bug Description
I plan on trying to patch these over the next few weeks or so, hence the "bug report".
Based on information found in http://
CVE-2010-2448:
znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a
denial of service (crash) by requesting traffic statistics when there is an
active unauthenticated connection, which triggers a NULL pointer
dereference, as demonstrated using (1) a traffic link in the web
administration pages or (2) the traffic command in the /znc shell.
CVE-2010-2488:
denial of service bug - refer to http://
CVE-2010-2812:
Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of
service (exception and daemon crash) via a PING command that lacks an
argument.
CVE-2010-2934:
Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attackers to
cause a denial of service (exception and daemon crash) via unknown vectors
related to "unsafe substr() calls."
Currently supported Releases at the time of this bug report, and whether they are affected:
Hardy: Affected
Lucid: Affected (0.078-1 in release/universe)
Oneiric: Not Affected (0.098-2ubuntu1)
Precise: Not Affected (0.206-1)
Quantal: Not Affected (0.206-2)
Raring: Not Affected (1.0-2)
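An added illustration of the bug class named in CVE-2010-2812 and CVE-2010-2934 above, not ZNC's code and not part of the original report: `std::string::substr(pos)` throws `std::out_of_range` when `pos` exceeds the string length, and an uncaught exception terminates the process. The function names and the fixed offset 5 are assumptions made for this sketch.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical handler (not ZNC code): assumes "PING " is always followed
// by an argument and slices at a fixed offset.
std::string ping_arg_unsafe(const std::string& line) {
    return line.substr(5);  // throws std::out_of_range when line.size() < 5
}

// Bounds-checked variant: never calls substr() with pos > size().
// Returns false if the line is not a PING; a bare "PING" yields an empty arg.
bool ping_arg_checked(const std::string& line, std::string& arg) {
    static const std::string cmd = "PING";
    if (line.compare(0, cmd.size(), cmd) != 0) return false;
    if (line.size() == cmd.size()) { arg.clear(); return true; }
    if (line[cmd.size()] != ' ') return false;
    arg = line.substr(cmd.size() + 1);  // pos <= size() is guaranteed here
    return true;
}

// Reports whether the unsafe slice would have raised the exception.
bool throws_out_of_range(const std::string& line) {
    try {
        (void)ping_arg_unsafe(line);
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}

int main() {
    // Constructed sample lines, not captured traffic.
    const char* samples[] = {"PING :irc.example.net", "PING ", "PING"};
    for (const char* s : samples) {
        std::string arg;
        bool ok = ping_arg_checked(s, arg);
        std::cout << '"' << s << "\" unsafe_throws=" << throws_out_of_range(s)
                  << " checked_ok=" << ok << " arg=\"" << arg << "\"\n";
    }
    return 0;
}
```

The same length check before every fixed-offset `substr()` call is the general mitigation for this class of crash.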
Changed in znc (Ubuntu):
status: New → Fix Released
summary:
- ZNC security report: CVEs for Lucid
+ ZNC security report: CVEs for Lucid, Hardy

Changed in znc (Ubuntu Lucid):
assignee: nobody → Thomas Ward (teward)
status: New → In Progress

Changed in znc (Ubuntu Hardy):
assignee: nobody → Thomas Ward (teward)
status: New → In Progress
description: updated

Changed in znc (Ubuntu Hardy):
status: Incomplete → Won't Fix

Oops, I removed In Progress and myself as assignee for Lucid. My bad. Meant to just do it for Hardy :P