LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New znc packages fix remote code execution Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1848-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
August 02, 2009                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : znc
Vulnerability  : directory traversal
Problem type   : remote
Debian-specific: no
Debian Bug     : 537977

It was discovered that znc, an IRC proxy, did not properly process
certain DCC requests, allowing attackers to upload arbitrary files.

For the old stable distribution (etch), this problem has been fixed in
version  0.045-3+etch3.

For the stable distribution (lenny), this problem has been fixed in
version 0.058-2+lenny3.

For the unstable distribution (sid), this problem has been fixed in
version 0.074-1.

We recommend that you upgrade your znc package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3.dsc
    Size/MD5 checksum:      667 933a585b14d230df9dd1a8b6ee5ad4b6
  http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3.diff.gz
    Size/MD5 checksum:    14501 330d9e4ac7894dbfec53bf9cf1e52660
  http://security.debian.org/pool/updates/main/z/znc/znc_0.045.orig.tar.gz
    Size/MD5 checksum:   204863 9a514b125b7514811fd03befa73cce77

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_alpha.deb
    Size/MD5 checksum:   863536 a49fb4cba67de68d20b9da2cd8867362

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_amd64.deb
    Size/MD5 checksum:   794176 ed5f4fe35ce0a2550aa16a423e100065

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_arm.deb
    Size/MD5 checksum:   906432 f49d4961b57febdbc184146bbc0aca2f

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_hppa.deb
    Size/MD5 checksum:   860972 659a6b3b95f80220b8c55fc54c7c1657

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_i386.deb
    Size/MD5 checksum:   811820 e2ed63396c2813e5e8a064ab5b4ac646

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_ia64.deb
    Size/MD5 checksum:   963774 37187a7fb2cc43d51e8112330311334a

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_mips.deb
    Size/MD5 checksum:   716040 9f206ba9ef54ff3658bbf62c5ec448b5

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_mipsel.deb
    Size/MD5 checksum:   714202 272cbc77e814fb6ef155e0cd33a1fcbe

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_powerpc.deb
    Size/MD5 checksum:   793154 84bb601bf6ebf409fbca63545b37c123

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_s390.deb
    Size/MD5 checksum:   735198 67f86f69500e96461d1cea10fead09a9

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_sparc.deb
    Size/MD5 checksum:   751090 1a0088824517b4f542e9589febc25536

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3.dsc
    Size/MD5 checksum:     1037 93fe1b9b7bd7aeebd7b3e0c3854a477f
  http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3.diff.gz
    Size/MD5 checksum:     9628 6fd05e2dbb8e6796dcc647bd79e9d1a0
  http://security.debian.org/pool/updates/main/z/znc/znc_0.058.orig.tar.gz
    Size/MD5 checksum:   340741 c02fd740c55d5b3a7912f7584344103e

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_alpha.deb
    Size/MD5 checksum:  1096456 18a4159f41d3b931b31f98b84d2fb269

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_amd64.deb
    Size/MD5 checksum:  1031744 bc265fa88c9bb707b67e757b63ed5853

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_arm.deb
    Size/MD5 checksum:  1152106 dbf436ac4085fa58d3d51c6f9b642c16

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_armel.deb
    Size/MD5 checksum:   964084 fe6c30329c2deb11d40875b8642d3127

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_hppa.deb
    Size/MD5 checksum:  1164842 cf1a064e2ece7df88b9d4b9370811d8b

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_i386.deb
    Size/MD5 checksum:  1010412 654653749e84562db775a6dfd1ca3ebd

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_ia64.deb
    Size/MD5 checksum:  1183120 31579bc427d4cf4f941b3aea648740d2

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_mips.deb
    Size/MD5 checksum:   915526 a94198400fd7832802260953d8f10acb

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_mipsel.deb
    Size/MD5 checksum:   907738 b794ceddef5b50eb6ecad8b16aaff23b

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_powerpc.deb
    Size/MD5 checksum:  1035914 3176e289856565c20528b779b5dd5b65

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_s390.deb
    Size/MD5 checksum:   971812 b51b7e7bb2d2b26ac7619a2db5274def

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_sparc.deb
    Size/MD5 checksum:  1003518 681f3ddd6b61aaae7329b3835d926978


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Google Releases Open Source Tool for Testing Web App Security Scanners
Most Targeted Attacks Exploit Privileged Accounts
NotCompable sets new standards for mobile botnet sophistication
Hands on with Caine Linux: Pentesting and UEFI compatible
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.