J-Security Center

Title: ZNC Webadmin Module Remote Privilege Escalation Vulnerability

Severity: HIGH

Description:

ZNC is a bouncer application for Internet Relay Chat (IRC).

ZNC is prone to a remote privilege-escalation vulnerability that affects the application's webadmin module. The issue arises because the software fails to validate user-supplied input. An attacker with valid authentication credentials can exploit this issue by sending a specially crafted HTTP POST request containing newline characters to the webadmin module's edit user page. The attacker can use this request to modify the value of the fields in the 'znc.conf' configuration file.

Attackers can exploit this issue to gain administrative access to the affected application and then load a shell module to access the underlying computer. This may result in further attacks.

Versions prior to ZNC 0.066 are affected.

Affected Products:

  • Debian Linux 4.0
  • Debian Linux 4.0 alpha
  • Debian Linux 4.0 amd64
  • Debian Linux 4.0 arm
  • Debian Linux 4.0 armel
  • Debian Linux 4.0 hppa
  • Debian Linux 4.0 ia-32
  • Debian Linux 4.0 ia-64
  • Debian Linux 4.0 m68k
  • Debian Linux 4.0 mips
  • Debian Linux 4.0 mipsel
  • Debian Linux 4.0 powerpc
  • Debian Linux 4.0 s/390
  • Debian Linux 4.0 sparc
  • Debian Linux 5.0
  • Debian Linux 5.0 alpha
  • Debian Linux 5.0 amd64
  • Debian Linux 5.0 arm
  • Debian Linux 5.0 armel
  • Debian Linux 5.0 hppa
  • Debian Linux 5.0 ia-32
  • Debian Linux 5.0 ia-64
  • Debian Linux 5.0 m68k
  • Debian Linux 5.0 mips
  • Debian Linux 5.0 mipsel
  • Debian Linux 5.0 powerpc
  • Debian Linux 5.0 s/390
  • Debian Linux 5.0 sparc
  • Gentoo Linux
  • ZNC ZNC 0.060
  • ZNC ZNC 0.062
  • ZNC ZNC 0.064

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.