11034 – znc new security issue CVE-2013-2130

Bug 11034 - znc new security issue CVE-2013-2130

Summary: znc new security issue CVE-2013-2130

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	3
Hardware:	i586 Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/563960/
Whiteboard:	has_procedure mga3-64-ok mga3-32-ok
Keywords:	validated_update

Depends on:
Blocks:

Reported:	2013-08-19 23:30 CEST by David Walser
Modified:	2013-08-22 20:18 CEST (History)
CC List:	3 users (show)

See Also:
Source RPM:	znc-1.0-2.mga3.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-08-19 23:30:16 CEST

Fedora has issued an advisory on August 2:
https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114144.html

Mageia 2 is not affected, as only version 1.0 of znc is affected.

Patched packages uploaded for Mageia 3 and Cauldron.

Advisory:
========================

Updated znc packages fix security vulnerability:

Multiple vulnerabilities were reported in ZNC version 1.0 which can be exploited
by malicious authenticated users to cause a denial of service. These flaws are
due to errors when handling the "editnetwork", "editchan", "addchan", and
"delchan" page requests; they can be exploited to cause a NULL pointer
dereference (CVE-2013-2130).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2130
https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114144.html
========================

Updated packages in core/updates_testing:
========================
znc-1.0-2.1.mga3
znc-devel-1.0-2.1.mga3

from znc-1.0-2.1.mga3.src.rpm

Reproducible: 

Steps to Reproduce:

Comment 1 claire robinson 2013-08-20 16:05:42 CEST

Testing complete mga3 64

No PoC's but the CVE is to do with the webadmin interface so checking that works.

$ znc --makeconf

answer all the questions it asks and allow it to start.

created with user/password  znctest/znctest

Connected to the running znc instance with an irc client with the server as localhost and the port znc was configured to listen on (I used 3456) and the server password set to znctest/freenode:znctest

Logged into the web interface at https://localhost:3456 and made sure it was still able to edit channels and networks.

Killed znc with 'killall znc'

It does seem to be missing a systemd service so i'll create a new bug for that.

Whiteboard: (none) => has_procedure mga3-64-ok

Comment 2 David GEIGER 2013-08-20 18:37:33 CEST

Testing complete mga3_32, ok for me nothing to report.

same as comment 1

CC: (none) => geiger.david68210
Whiteboard: has_procedure mga3-64-ok => has_procedure mga3-64-ok mga3-32-ok

Comment 3 claire robinson 2013-08-20 18:45:25 CEST

Validating. Advisory from comment 0 uploaded.

Could sysadmin please push from 3 core/updates_testing to updates

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 claire robinson 2013-08-20 18:47:35 CEST

bug 11040 created for the systemd service

Comment 5 Thomas Backlund 2013-08-22 20:18:56 CEST

Update pushed:
http://advisories.mageia.org/MGASA-2013-0257.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.