FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

znc -- multiple vulnerabilities

Affected packages
znc < 1.7.1

Details

VuXML ID c6d1a8a6-8a91-11e8-be4d-005056925db4
Discovery 2018-07-14
Entry 2018-07-18

Mitre reports:

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.

References

CVE Name CVE-2018-14055
CVE Name CVE-2018-14056
URL https://wiki.znc.in/ChangeLog/1.7.1