{"cve": [{"lastseen": "2020-12-09T19:58:29", "description": "The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a \"use-after-delete\" error.\nCWE-476: NULL Pointer Dereference (http://cwe.mitre.org/data/definitions/476.html)", "edition": 5, "cvss3": {}, "published": "2014-12-19T15:59:00", "title": "CVE-2014-9403", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9403"], "modified": "2015-09-29T00:31:00", "cpe": ["cpe:/a:znc:znc:1.2"], "id": "CVE-2014-9403", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9403", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:znc:znc:1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:45:59", "description": "ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp.\nPer: http://cwe.mitre.org/data/definitions/476.html\n\n\"CWE-476: NULL Pointer Dereference\"", "edition": 3, "cvss3": {}, "published": "2014-06-05T20:55:00", "title": "CVE-2013-2130", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 
8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2130"], "modified": "2015-09-10T15:24:00", "cpe": ["cpe:/a:znc:znc:1.0"], "id": "CVE-2013-2130", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2130", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:znc:znc:1.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:36:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2130", "CVE-2014-9403"], "description": "Gentoo Linux Local Security Checks GLSA 201412-31", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121317", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121317", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201412-31", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-31.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121317\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:18 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-31\");\n script_tag(name:\"insight\", value:\"Multiple NULL pointer dereferences have been found in ZNC.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-31\");\n script_cve_id(\"CVE-2013-2130\", \"CVE-2014-9403\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-31\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-irc/znc\", unaffected: make_list(\"ge 1.2-r1\"), vulnerable: make_list(\"lt 1.2-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n 
exit(99);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-06-18T15:47:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9403"], "description": "ZNC is prone to a denial-of-service vulnerability.", "modified": "2020-06-16T00:00:00", "published": "2015-08-29T00:00:00", "id": "OPENVAS:1361412562310111033", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310111033", "type": "openvas", "title": "ZNC < 1.4 DoS Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ZNC 'CVE-2014-9403' NULL Pointer Dereference Denial Of Service Vulnerability\n#\n# Authors:\n# Christian Fischer <info@schutzwerk.com>\n#\n# Copyright:\n# Copyright (c) 2015 SCHUTZWERK GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:znc:znc\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.111033\");\n script_version(\"2020-06-16T12:34:04+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-16 12:34:04 +0000 (Tue, 16 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-08-29 12:00:00 +0200 (Sat, 29 Aug 2015)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2014-9403\");\n script_bugtraq_id(66926);\n\n script_name(\"ZNC < 1.4 DoS Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_copyright(\"Copyright (C) 2015 SCHUTZWERK GmbH\");\n script_dependencies(\"gb_znc_consolidation.nasl\");\n script_mandatory_keys(\"znc/detected\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/66926\");\n\n script_tag(name:\"summary\", value:\"ZNC is prone to a denial-of-service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"Attackers can exploit this issue to crash the application,\n denying service to legitimate users.\");\n\n script_tag(name:\"affected\", value:\"ZNC 1.2 is vulnerable. Other versions may also be affected.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! vers = get_app_version( cpe:CPE, nofork:TRUE ) )\n exit( 0 );\n\nif( version_is_less_equal( version:vers, test_version:\"1.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.4\" );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2018-01-24T11:10:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2130"], "description": "Check for the Version of znc", "modified": "2018-01-24T00:00:00", "published": "2013-08-20T00:00:00", "id": "OPENVAS:866473", "href": "http://plugins.openvas.org/nasl.php?oid=866473", "type": "openvas", "title": "Fedora Update for znc FEDORA-2013-14123", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for znc FEDORA-2013-14123\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866473);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 12:43:07 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-2130\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_name(\"Fedora Update for znc FEDORA-2013-14123\");\n\n tag_insight = \"ZNC is an IRC bouncer with many advanced features like detaching,\nmultiple users, per channel playback buffer, SSL, IPv6, transparent\nDCC bouncing, Perl and C++ module support to name a few.\n\";\n\n tag_affected = \"znc on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-14123\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114172.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of znc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"znc\", rpm:\"znc~1.2~0.1.alpha1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-02-06T13:09:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2130"], "description": "Check for the Version of znc", "modified": "2018-02-05T00:00:00", "published": "2013-08-20T00:00:00", "id": "OPENVAS:866714", "href": "http://plugins.openvas.org/nasl.php?oid=866714", "type": "openvas", "title": "Fedora Update for znc FEDORA-2013-14132", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for znc FEDORA-2013-14132\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866714);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:23:58 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-2130\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_name(\"Fedora Update for znc FEDORA-2013-14132\");\n\n tag_insight = \"ZNC is an IRC bouncer with many advanced features like detaching,\nmultiple users, per channel playback buffer, SSL, IPv6, transparent\nDCC bouncing, Perl and C++ module support to name a few.\n\";\n\n tag_affected = \"znc on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-14132\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114144.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of znc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"znc\", rpm:\"znc~1.2~0.1.alpha1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2130"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-20T00:00:00", "id": "OPENVAS:1361412562310866473", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866473", "type": "openvas", "title": "Fedora Update for znc FEDORA-2013-14123", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for znc FEDORA-2013-14123\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866473\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 12:43:07 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-2130\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_name(\"Fedora Update for znc FEDORA-2013-14123\");\n\n\n script_tag(name:\"affected\", value:\"znc on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-14123\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114172.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'znc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"znc\", 
rpm:\"znc~1.2~0.1.alpha1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2130"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-20T00:00:00", "id": "OPENVAS:1361412562310866714", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866714", "type": "openvas", "title": "Fedora Update for znc FEDORA-2013-14132", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for znc FEDORA-2013-14132\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866714\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:23:58 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-2130\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_name(\"Fedora Update for znc FEDORA-2013-14132\");\n\n\n script_tag(name:\"affected\", value:\"znc on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-14132\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114144.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'znc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"znc\", 
rpm:\"znc~1.2~0.1.alpha1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-06-18T15:47:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2130"], "description": "ZNC is prone to multiple remote denial-of-service vulnerabilities.", "modified": "2020-06-16T00:00:00", "published": "2015-08-29T00:00:00", "id": "OPENVAS:1361412562310111032", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310111032", "type": "openvas", "title": "ZNC WebAdmin Multiple NULL Pointer Dereference Denial of Service Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ZNC WebAdmin Multiple NULL Pointer Dereference Denial of Service Vulnerabilities\n#\n# Authors:\n# Christian Fischer <info@schutzwerk.com>\n#\n# Copyright:\n# Copyright (c) 2015 SCHUTZWERK GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:znc:znc\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.111032\");\n script_version(\"2020-06-16T12:34:04+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-16 12:34:04 +0000 (Tue, 16 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-08-29 12:00:00 +0200 (Sat, 29 Aug 2015)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2013-2130\");\n script_bugtraq_id(60199);\n\n script_name(\"ZNC WebAdmin Multiple NULL Pointer Dereference Denial of Service Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_copyright(\"Copyright (C) 2015 SCHUTZWERK GmbH\");\n script_dependencies(\"gb_znc_consolidation.nasl\");\n script_mandatory_keys(\"znc/detected\");\n\n script_xref(name:\"URL\", value:\"https://www.securityfocus.com/bid/60199\");\n\n script_tag(name:\"summary\", value:\"ZNC is prone to multiple remote denial-of-service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"An attacker may exploit these issues to crash the application, resulting\n in denial-of-service conditions.\");\n\n script_tag(name:\"affected\", value:\"These issues affect ZNC 1.0.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! vers = get_app_version( cpe:CPE, nofork:TRUE ) )\n exit( 0 );\n\nif( version_is_less_equal( version:vers, test_version:\"1.0\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.2\" );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:36", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2130", "CVE-2014-9403"], "edition": 1, "description": "### Background\n\nZNC is an advanced IRC bouncer.\n\n### Description\n\nMultiple NULL pointer dereferences have been found in ZNC. \n\n### Impact\n\nA remote attacker could send a specially crafted request, possibly resulting in a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll ZNC users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-irc/znc-1.2-r1\"", "modified": "2014-12-19T00:00:00", "published": "2014-12-19T00:00:00", "id": "GLSA-201412-31", "href": "https://security.gentoo.org/glsa/201412-31", "type": "gentoo", "title": "ZNC: Denial of Service", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "cvelist": ["CVE-2013-2130", "CVE-2014-9403"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2015:013\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : znc\r\n Date : January 8, 2015\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated znc packages fix security vulnerabilities:\r\n \r\n Multiple vulnerabilities were reported in ZNC version 1.0 which can\r\n be exploited by malicious authenticated users to cause a denial of\r\n service. 
These flaws are due to errors when handling the editnetwork,\r\n editchan, addchan, and delchan page requests; they can be exploited\r\n to cause a NULL pointer dereference (CVE-2013-2130).\r\n \r\n Adding an already existing channel to a user/network via web admin\r\n in ZNC causes a crash if the channel name isn't prefixed with '#'\r\n (CVE-2014-9403).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2130\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9403\r\n http://advisories.mageia.org/MGASA-2013-0257.html\r\n http://advisories.mageia.org/MGASA-2014-0543.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 29b17226d994c1f270a1baa2041b13c8 mbs1/x86_64/znc-1.0-1.mbs1.x86_64.rpm\r\n 7dd91843427d846e4a816057e00f1674 mbs1/x86_64/znc-devel-1.0-1.mbs1.x86_64.rpm \r\n cdd211c05eed32a4595ba60733dd37ef mbs1/SRPMS/znc-1.0-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFUrpw6mqjQ0CJFipgRAgu7AJ0Rk5MtnVO3LxHqyajvbhnU4i3RSACdHGD8\r\nvL8oLuzvmXnOZIf92uP8YlU=\r\n=s3vq\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-01-13T00:00:00", "published": "2015-01-13T00:00:00", "id": "SECURITYVULNS:DOC:31600", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31600", "title": "[ MDVSA-2015:013 ] znc", "type": "securityvulns", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T11:54:51", "description": "Updated znc packages fix security vulnerabilities :\n\nMultiple vulnerabilities were reported in ZNC version 1.0 which can be\nexploited by malicious authenticated users to cause a denial of\nservice. 
These flaws are due to errors when handling the editnetwork,\neditchan, addchan, and delchan page requests; they can be exploited to\ncause a NULL pointer dereference (CVE-2013-2130).\n\nAdding an already existing channel to a user/network via web admin in\nZNC causes a crash if the channel name isn't prefixed with '#'\n(CVE-2014-9403).", "edition": 26, "published": "2015-01-09T00:00:00", "title": "Mandriva Linux Security Advisory : znc (MDVSA-2015:013)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2130", "CVE-2014-9403"], "modified": "2015-01-09T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:znc", "p-cpe:/a:mandriva:linux:znc-devel"], "id": "MANDRIVA_MDVSA-2015-013.NASL", "href": "https://www.tenable.com/plugins/nessus/80432", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:013. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80432);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-2130\", \"CVE-2014-9403\");\n script_bugtraq_id(60199, 66926);\n script_xref(name:\"MDVSA\", value:\"2015:013\");\n\n script_name(english:\"Mandriva Linux Security Advisory : znc (MDVSA-2015:013)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated znc packages fix security vulnerabilities :\n\nMultiple vulnerabilities were reported in ZNC version 1.0 which can be\nexploited by malicious authenticated users to cause a denial of\nservice. These flaws are due to errors when handling the editnetwork,\neditchan, addchan, and delchan page requests; they can be exploited to\ncause a NULL pointer dereference (CVE-2013-2130).\n\nAdding an already existing channel to a user/network via web admin in\nZNC causes a crash if the channel name isn't prefixed with '#'\n(CVE-2014-9403).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2013-0257.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0543.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected znc and / or znc-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:znc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:znc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"znc-1.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"znc-devel-1.0-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": 
"2021-01-07T10:56:44", "description": "The remote host is affected by the vulnerability described in GLSA-201412-31\n(ZNC: Denial of Service)\n\n Multiple NULL pointer dereferences have been found in ZNC.\n \nImpact :\n\n A remote attacker could send a specially crafted request, possibly\n resulting in a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 20, "published": "2014-12-19T00:00:00", "title": "GLSA-201412-31 : ZNC: Denial of Service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2130", "CVE-2014-9403"], "modified": "2014-12-19T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:znc"], "id": "GENTOO_GLSA-201412-31.NASL", "href": "https://www.tenable.com/plugins/nessus/80109", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-31.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80109);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-2130\", \"CVE-2014-9403\");\n script_xref(name:\"GLSA\", value:\"201412-31\");\n\n script_name(english:\"GLSA-201412-31 : ZNC: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-31\n(ZNC: Denial of Service)\n\n Multiple NULL pointer dereferences have been found in ZNC.\n \nImpact :\n\n A remote attacker could send a specially crafted request, possibly\n resulting in a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-31\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ZNC users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-irc/znc-1.2-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:znc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright 
(C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-irc/znc\", unaffected:make_list(\"ge 1.2-r1\"), vulnerable:make_list(\"lt 1.2-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ZNC\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:28:56", "description": "Znc was updated to 1.6.2 to fix one security issue.\n\nThe following vulnerability was fixed :\n\n - CVE-2014-9403: Remote unauthenticated users could cause\n denial of service via channel creation. 
[boo#956254]\n\nAlso contains all bug fixes in the 1.6.2 release.", "edition": 17, "published": "2015-12-02T00:00:00", "title": "openSUSE Security Update : znc (openSUSE-2015-845)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9403"], "modified": "2015-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:znc-python3-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:znc-debuginfo", "p-cpe:/a:novell:opensuse:znc-python3", "p-cpe:/a:novell:opensuse:znc-devel", "p-cpe:/a:novell:opensuse:znc-tcl", "p-cpe:/a:novell:opensuse:znc-debugsource", "p-cpe:/a:novell:opensuse:znc", "p-cpe:/a:novell:opensuse:znc-tcl-debuginfo", "p-cpe:/a:novell:opensuse:znc-perl-debuginfo", "p-cpe:/a:novell:opensuse:znc-perl"], "id": "OPENSUSE-2015-845.NASL", "href": "https://www.tenable.com/plugins/nessus/87166", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-845.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87166);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9403\");\n\n script_name(english:\"openSUSE Security Update : znc (openSUSE-2015-845)\");\n script_summary(english:\"Check for the openSUSE-2015-845 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Znc was updated to 1.6.2 to fix one security issue.\n\nThe following vulnerability was fixed :\n\n - CVE-2014-9403: Remote unauthenticated users could cause\n denial of service via channel creation. 
[boo#956254]\n\nAlso contains all bug fixes in the 1.6.2 release.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=956254\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected znc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:znc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:znc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:znc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:znc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:znc-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:znc-perl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:znc-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:znc-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:znc-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:znc-tcl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"znc-1.6.2-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"znc-debuginfo-1.6.2-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"znc-debugsource-1.6.2-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"znc-devel-1.6.2-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"znc-perl-1.6.2-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"znc-perl-debuginfo-1.6.2-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"znc-python3-1.6.2-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"znc-python3-debuginfo-1.6.2-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"znc-tcl-1.6.2-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"znc-tcl-debuginfo-1.6.2-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"znc / znc-debuginfo / znc-debugsource / znc-devel / znc-perl / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": 
"2021-01-12T10:10:58", "description": "Update to 1.2-alpha1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-08-20T00:00:00", "title": "Fedora 19 : znc-1.2-0.1.alpha1.fc19 (2013-14132)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2130"], "modified": "2013-08-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:znc", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-14132.NASL", "href": "https://www.tenable.com/plugins/nessus/69382", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-14132.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69382);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-2130\");\n script_xref(name:\"FEDORA\", value:\"2013-14132\");\n\n script_name(english:\"Fedora 19 : znc-1.2-0.1.alpha1.fc19 (2013-14132)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.2-alpha1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=968562\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114144.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9dfc3828\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected znc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:znc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"znc-1.2-0.1.alpha1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"znc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:10:58", "description": "Update to 1.2-alpha1\n\nFix CVE-2013-2130\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-08-20T00:00:00", "title": "Fedora 18 : znc-1.2-0.1.alpha1.fc18 (2013-14123)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2130"], "modified": "2013-08-20T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:znc"], "id": "FEDORA_2013-14123.NASL", "href": "https://www.tenable.com/plugins/nessus/69381", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-14123.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69381);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-2130\");\n script_xref(name:\"FEDORA\", value:\"2013-14123\");\n\n script_name(english:\"Fedora 18 : znc-1.2-0.1.alpha1.fc18 (2013-14123)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.2-alpha1\n\nFix CVE-2013-2130\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=968562\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114172.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0af6657e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected znc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:znc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"znc-1.2-0.1.alpha1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"znc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2130"], "description": "ZNC is an IRC bouncer with many advanced features like detaching, multiple users, per channel playback buffer, SSL, IPv6, transparent DCC bouncing, Perl and C++ module support to name a few. ", "modified": "2013-08-16T23:04:55", "published": "2013-08-16T23:04:55", "id": "FEDORA:ACC9321789", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: znc-1.2-0.1.alpha1.fc18", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2130"], "description": "ZNC is an IRC bouncer with many advanced features like detaching, multiple users, per channel playback buffer, SSL, IPv6, transparent DCC bouncing, Perl and C++ module support to name a few. ", "modified": "2013-08-16T22:57:57", "published": "2013-08-16T22:57:57", "id": "FEDORA:DF0C321AE7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: znc-1.2-0.1.alpha1.fc19", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}]}