CVE-2018-14055

CVE-2018-14055

Name

CVE-2018-14055

Description

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
Patch	https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
Third Party Advisory	https://www.debian.org/security/2018/dsa-4252
Third Party Advisory	https://security.gentoo.org/glsa/201807-03

Type

URI

Patch

https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d

Patch

https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e

Third Party Advisory

https://www.debian.org/security/2018/dsa-4252

Third Party Advisory

https://security.gentoo.org/glsa/201807-03

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:znc:znc::::::::`	znc	>= None	<= 1.7.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:znc:znc:*:*:*:*:*:*:*:*

znc

>= None

<= 1.7.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
znc	edge-community	1.7.1-r0	None	fixed
znc	3.22-community	1.7.1-r0	None	fixed
znc	3.21-community	1.7.1-r0	None	fixed
znc	3.20-community	1.7.1-r0	None	fixed
znc	3.19-community	1.7.1-r0	None	fixed
znc	3.18-community	1.7.1-r0	None	fixed
znc	3.17-community	1.7.1-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

znc

edge-community

1.7.1-r0

None

fixed

znc

3.22-community