SB2019081548 - Permissions, Privileges, and Access Controls in znc (Alpine package)
Published: August 15, 2019
Security Bulletin ID
SB2019081548
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-12816)
The vulnerability allows a remote authenticated user to execute arbitrary code.
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=cdfce01d9c38dda01d4e3ca9dd6d267dfa7921b6
- https://git.alpinelinux.org/aports/commit/?id=77bef56d80b9c2748cacb4d249cb8af4854a1b03
- https://git.alpinelinux.org/aports/commit/?id=9f597246c67939eeee73b2e42c904193c37d14b1
- https://git.alpinelinux.org/aports/commit/?id=5524d0802e01fb342f5903cf764bc02a3cf001e0
- https://git.alpinelinux.org/aports/commit/?id=bbe0e7a47c997626ab5531f35346431f28b947bd
- https://git.alpinelinux.org/aports/commit/?id=5ba4ab63dba572def02e384a6ce330f7fe18aaf7
- https://git.alpinelinux.org/aports/commit/?id=4eb3f0ba36d173d0d72b335c97203d6744d3fac3
- https://git.alpinelinux.org/aports/commit/?id=31a764089f1e1bb0df223c191bfea1d1ae51ca7f