Your message dated Sun, 02 Aug 2009 20:28:41 +0000
with message-id <e1mxhfd-0003x4...@ries.debian.org>
and subject line Bug#537977: fixed in znc 0.045-3+etch3
has caused the Debian Bug report #537977,
regarding directory traversal bug
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
537977: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537977
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: znc
Severity: grave
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
znc 0.072 fixes a high-impact directory traversal bug
| You can upload files to znc via /dcc send *status. The files will be saved in
| <datadir>/users/<user>/downloads/.
| The code for this didn't do any checking on the file name at all and thus
| allowed directory traversal attacks by all znc users (no admin privileges required!).
| By exploiting this bug, attackers could e.g. upload a new ssh authorized_keys
| file or upload a znc module which lets everyone gain shell access. Anything is possible.
| Again: ONLY A NORMAL USER ACCOUNT NEEDED, no admin privileges. THE ATTACKER
| GOT WRITE ACCESS TO ALL PLACES ZNC GOT WRITE ACCESS TO.
Patch:
http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1570
Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkpmpsEACgkQNxpp46476aoy+QCfY1B9lHH5AQvFZjzPxF7R89GU
4E4An0agaSnyhOzttT9UpQ6MF8EgqCia
=6hw9
-----END PGP SIGNATURE-----
--- End Message ---
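The report above describes the root cause: the DCC SEND handler wrote whatever file name the client supplied straight under <datadir>/users/<user>/downloads/, so a name containing "../" escaped that directory. The block below is an added example of the kind of check that closes this class of bug; it is not znc's code and not the upstream r1570 patch, and the function names (IsSafeDccFileName, DccDestinationPath, CountRejected) and the sample names and download directory are constructed for illustration.

```cpp
// Added example, not znc's own code: a file-name check for DCC SEND uploads
// that keeps every destination inside <datadir>/users/<user>/downloads/.
#include <string>
#include <vector>

// A DCC SEND file name is accepted only if it is a single path component:
// non-empty, no '/' or '\\', no NUL byte, and not "." or "..".
// Anything else is refused outright rather than "cleaned", because rewriting
// hostile input (stripping "../" once, for instance) is easy to get wrong.
bool IsSafeDccFileName(const std::string& name) {
    if (name.empty() || name == "." || name == "..") return false;
    for (char c : name) {
        if (c == '/' || c == '\\' || c == '\0') return false;
    }
    return true;
}

// Joins downloadDir and name, returning "" when the name is rejected.
// As a second line of defence the joined path is split on '/' and refused
// if any component is "..", so a later change to the name check cannot
// silently reopen the traversal.
std::string DccDestinationPath(const std::string& downloadDir, const std::string& name) {
    if (!IsSafeDccFileName(name)) return "";
    std::string path = downloadDir;
    if (path.empty() || path.back() != '/') path += '/';
    path += name;

    std::string component;
    for (size_t i = 0; i <= path.size(); ++i) {
        if (i == path.size() || path[i] == '/') {
            if (component == "..") return "";
            component.clear();
        } else {
            component += path[i];
        }
    }
    return path;
}

// Runs a list of candidate names through the check and returns how many
// were refused, so the filter can be exercised on a batch of inputs.
int CountRejected(const std::vector<std::string>& names, const std::string& downloadDir) {
    int rejected = 0;
    for (const auto& n : names) {
        if (DccDestinationPath(downloadDir, n).empty()) ++rejected;
    }
    return rejected;
}

int main() {
    // Constructed sample of names a client might send; not taken from the report.
    std::vector<std::string> names = {
        "patch.diff", "../../.ssh/authorized_keys",
        "../../modules/rogue.so", "..", "report..txt"
    };
    // Three of the five are refused; "report..txt" is a legitimate name and passes.
    return CountRejected(names, "/var/lib/znc/users/alice/downloads") == 3 ? 0 : 1;
}
```

The design choice worth noting is allow-listing a single path component instead of trying to strip traversal sequences: a name such as "report..txt" is legitimate and passes, while anything carrying a separator is refused before it ever reaches the filesystem. On a live znc instance the same property can be checked after the fact by confirming that nothing under <datadir>/users/*/downloads/ is a path that resolves outside that directory.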
--- Begin Message ---
Source: znc
Source-Version: 0.045-3+etch3
We believe that the bug you reported is fixed in the latest version of
znc, which is due to be installed in the Debian FTP archive:
znc_0.045-3+etch3.diff.gz
to pool/main/z/znc/znc_0.045-3+etch3.diff.gz
znc_0.045-3+etch3.dsc
to pool/main/z/znc/znc_0.045-3+etch3.dsc
znc_0.045-3+etch3_amd64.deb
to pool/main/z/znc/znc_0.045-3+etch3_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 537...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Patrick Matthäi <pmatth...@debian.org> (supplier of updated znc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 01 Aug 2009 20:23:03 +0200
Source: znc
Binary: znc
Architecture: source amd64
Version: 0.045-3+etch3
Distribution: oldstable-security
Urgency: high
Maintainer: Patrick Matthäi <pmatth...@debian.org>
Changed-By: Patrick Matthäi <pmatth...@debian.org>
Description:
znc - an advanced IRC bouncer
Closes: 537977
Changes:
znc (0.045-3+etch3) oldstable-security; urgency=high
.
* Fixes a high-impact directory traversal bug, where unprivileged users can
save files via DCC SEND on the server with the rights of the znc process.
The attacker could also use the exploit to get a shell on the server.
Closes: #537977
* Change my email address, the old one is not reachable anymore.
Files:
933a585b14d230df9dd1a8b6ee5ad4b6 667 net optional znc_0.045-3+etch3.dsc
330d9e4ac7894dbfec53bf9cf1e52660 14501 net optional znc_0.045-3+etch3.diff.gz
ed5f4fe35ce0a2550aa16a423e100065 794176 net optional znc_0.045-3+etch3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkp0ib0ACgkQ2XA5inpabMcEYwCdGO/6u7RfNaKGMWLSVKNF+ve1
riwAn3JZUa3SfP6J5yeE49PB26QoG0v1
=iWb1
-----END PGP SIGNATURE-----
--- End Message ---