CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
87.8%
The remote host is missing an update to znc
announced via advisory FEDORA-2009-7952.
# SPDX-FileCopyrightText: 2009 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.64467");
script_version("2023-07-18T05:05:36+0000");
script_tag(name:"last_modification", value:"2023-07-18 05:05:36 +0000 (Tue, 18 Jul 2023)");
script_tag(name:"creation_date", value:"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_cve_id("CVE-2009-2658");
script_name("Fedora Core 11 FEDORA-2009-7952 (znc)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 E-Soft Inc.");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC11");
script_tag(name:"insight", value:"Update Information:
Upgrade to 0.072 of ZNC, fixes security issue in bug 513152 An users data
directory traversal flaw was found in the way ZNC used to handle file upload
requests via Direct Client Connection (DCC) /dcc SEND messages. A remote IRC
user could issue a /dcc SEND message with a specially-crafted content (file to
upload), which once accepted by a local, unsuspecting ZNC user, would overwrite
relevant files in the users//downloads data directory.");
script_tag(name:"solution", value:"Apply the appropriate updates.
This update can be installed with the yum update program. Use
su -c 'yum update znc' at the command line.");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-7952");
script_tag(name:"summary", value:"The remote host is missing an update to znc
announced via advisory FEDORA-2009-7952.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=513152");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
res = "";
report = "";
if ((res = isrpmvuln(pkg:"znc", rpm:"znc~0.072~3.fc11", rls:"FC11")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"znc-devel", rpm:"znc-devel~0.072~3.fc11", rls:"FC11")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"znc-debuginfo", rpm:"znc-debuginfo~0.072~3.fc11", rls:"FC11")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99);
}