Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2018-14055 - log back

CVE-2018-14055 created at 25 Sep 2019 19:31:40

Severity

+

High

Remote

+

Remote

Type

+	Privilege escalation

Description

+	ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate privilege, inject rogue values into znc.conf, and gain shell access.

References

+	https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
+	https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
+	https://marc.info/?l=oss-security&m=153190583604081

Notes