Your message dated Sun, 02 Aug 2009 20:28:35 +0000
with message-id <e1mxhfx-0003sh...@ries.debian.org>
and subject line Bug#537977: fixed in znc 0.058-2+lenny3
has caused the Debian Bug report #537977,
regarding directory traversal bug
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
537977: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537977
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: znc
Severity: grave
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,

znc 0.072 fixes a high-impact directory traversal bug

| You can upload files to znc via /dcc send *status. The files will be saved in
| <datadir>/users/<user>/downloads/.
| The code for this didn't do any checking on the file name at all and thus
| allowed directory traversal attacks by all znc users (no admin privileges required!).
| By exploiting this bug, attackers could e.g. upload a new ssh authorized_keys
| file or upload a znc module which lets everyone gain shell access. Anything is possible.
| Again: ONLY A NORMAL USER ACCOUNT NEEDED, no admin privileges. THE ATTACKER
| GOT WRITE ACCESS TO ALL PLACES ZNC GOT WRITE ACCESS TO.

Patch: 
http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1570

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpmpsEACgkQNxpp46476aoy+QCfY1B9lHH5AQvFZjzPxF7R89GU
4E4An0agaSnyhOzttT9UpQ6MF8EgqCia
=6hw9
-----END PGP SIGNATURE-----



--- End Message ---
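The report above describes the root cause (a sender-supplied DCC file name written under the downloads directory with no validation). The following is an added illustration of the kind of check that closes that class of bug; it is not znc's code and not the upstream patch linked in the report. The download directory path, the function names and the sample file names are made up for the example. It shows two independent layers: refusing any name that is not a single plain path component, and then verifying lexically that the final path still lies inside the intended directory.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Assumed target directory for files received via DCC SEND. The layout
// follows the bug report (<datadir>/users/<user>/downloads/); the concrete
// path is made up for this example.
const std::string kDownloadDir = "/var/lib/znc/users/alice/downloads";

// Layer 1: reject any sender-supplied name that could name another directory.
bool IsSafeDccFileName(const std::string& name) {
    if (name.empty() || name.size() > 255) return false;
    // Path separators of either flavour and embedded NUL bytes are never
    // legitimate in a plain file name.
    if (name.find('/') != std::string::npos ||
        name.find('\\') != std::string::npos ||
        name.find('\0') != std::string::npos) return false;
    // "." and ".." are directory references, and a leading dot would create
    // hidden files; refuse all of them with one check.
    if (name[0] == '.') return false;
    return true;
}

// Map an accepted name onto a conservative character set. Returns "" when
// the name was rejected by IsSafeDccFileName.
std::string SanitizeDccFileName(const std::string& name) {
    if (!IsSafeDccFileName(name)) return "";
    std::string out;
    out.reserve(name.size());
    for (unsigned char c : name) {
        bool keep = std::isalnum(c) || c == '.' || c == '-' || c == '_';
        out.push_back(keep ? static_cast<char>(c) : '_');
    }
    return out;
}

// Lexically normalise an absolute POSIX path: drop ".", resolve "..",
// collapse repeated "/". Symlinks are not resolved here; a production check
// would additionally run realpath(3) on the parent directory.
std::string LexicalNormalize(const std::string& path) {
    std::vector<std::string> parts;
    std::string seg;
    for (std::size_t i = 0; i <= path.size(); ++i) {
        if (i == path.size() || path[i] == '/') {
            if (seg == "..") {
                if (!parts.empty()) parts.pop_back();
            } else if (!seg.empty() && seg != ".") {
                parts.push_back(seg);
            }
            seg.clear();
        } else {
            seg += path[i];
        }
    }
    std::string out;
    for (const std::string& p : parts) out += "/" + p;
    return out.empty() ? "/" : out;
}

// Layer 2: true only if `candidate` normalises to a path strictly inside `root`.
bool StaysWithin(const std::string& root, const std::string& candidate) {
    const std::string r = LexicalNormalize(root);
    const std::string c = LexicalNormalize(candidate);
    if (r == "/") return c != "/";
    return c.size() > r.size() + 1 &&
           c.compare(0, r.size(), r) == 0 &&
           c[r.size()] == '/';
}

// Compute the on-disk path for a received file, or "" if it must be refused.
std::string DccTargetPath(const std::string& rawName) {
    const std::string safe = SanitizeDccFileName(rawName);
    if (safe.empty()) return "";
    const std::string target = kDownloadDir + "/" + safe;
    // Defence in depth: even after sanitising, verify the result cannot escape.
    if (!StaysWithin(kDownloadDir, target)) return "";
    return target;
}

int main() {
    // Constructed sample names: one benign, three that must be refused or rewritten.
    const char* samples[] = {"report.txt", "../../escape.txt", ".hidden", "my file;x.txt"};
    for (const char* s : samples) {
        const std::string t = DccTargetPath(s);
        std::cout << '"' << s << "\" -> " << (t.empty() ? "REJECTED" : t) << '\n';
    }
    return 0;
}
```

The containment check in `StaysWithin` is deliberately kept even though `IsSafeDccFileName` already refuses separators: if a later change relaxes the first filter, the second still refuses any path that resolves outside the downloads directory, which is exactly the property the report says the original code lacked.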
--- Begin Message ---
Source: znc
Source-Version: 0.058-2+lenny3

We believe that the bug you reported is fixed in the latest version of
znc, which is due to be installed in the Debian FTP archive:

znc_0.058-2+lenny3.diff.gz
  to pool/main/z/znc/znc_0.058-2+lenny3.diff.gz
znc_0.058-2+lenny3.dsc
  to pool/main/z/znc/znc_0.058-2+lenny3.dsc
znc_0.058-2+lenny3_amd64.deb
  to pool/main/z/znc/znc_0.058-2+lenny3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 537...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Matthäi <pmatth...@debian.org> (supplier of updated znc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 24 Jul 2009 10:59:59 +0200
Source: znc
Binary: znc
Architecture: source amd64
Version: 0.058-2+lenny3
Distribution: stable-security
Urgency: high
Maintainer: Patrick Matthäi <pmatth...@debian.org>
Changed-By: Patrick Matthäi <pmatth...@debian.org>
Description: 
 znc        - advanced modular IRC bouncer
Closes: 537977
Changes: 
 znc (0.058-2+lenny3) stable-security; urgency=high
 .
   * Fixes a high-impact directory traversal bug, where unprivileged users can
     save about DCC SEND files on the server with the rights of the znc process.
     The attacker could also use the exploit to get a shell on the server.
     Closes: #537977
Checksums-Sha1: 
 c4e3bd3709fc17e95b5c6e20bf6c6cf669c7b2da 1037 znc_0.058-2+lenny3.dsc
 1a834a0e3e72aa9f795e8ed2638213989f21b0f5 9628 znc_0.058-2+lenny3.diff.gz
 d375eb69a8f3c99cbedeaaa7dd66ee23c0b4c416 1031744 znc_0.058-2+lenny3_amd64.deb
Checksums-Sha256: 
 8511df881369ca538399b93a19072cf54cda9b023d9c445b6a755f69157114ef 1037 
znc_0.058-2+lenny3.dsc
 7f45d1a108f3bee681af3f9b6ba1a3a283ccc4d10c7fcb67d33994ec76e5a125 9628 
znc_0.058-2+lenny3.diff.gz
 bb4eb14d973e62c224443014e2279d8b1767d0609bc267e0dfc1392e7147bfd0 1031744 
znc_0.058-2+lenny3_amd64.deb
Files: 
 93fe1b9b7bd7aeebd7b3e0c3854a477f 1037 net optional znc_0.058-2+lenny3.dsc
 6fd05e2dbb8e6796dcc647bd79e9d1a0 9628 net optional znc_0.058-2+lenny3.diff.gz
 bc265fa88c9bb707b67e757b63ed5853 1031744 net optional 
znc_0.058-2+lenny3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpt0JkACgkQ2XA5inpabMdkqACgn00ZdobCUhTjBz9d/iVJArkU
IhkAoJk8SnR1iTnTY0sMWcmD+p+SZZXT
=sMjV
-----END PGP SIGNATURE-----



--- End Message ---
