1227393 – (CVE-2024-39844) VUL-0: CVE-2024-39844: znc: arbitrary code embedded into the kick reason executed while kicking someone on a channel

Bug 1227393 (CVE-2024-39844) - VUL-0: CVE-2024-39844: znc: arbitrary code embedded into the kick reason executed while kicking someone on a channel

Summary: VUL-0: CVE-2024-39844: znc: arbitrary code embedded into the kick reason exec...

Status:	IN_PROGRESS

Alias:	CVE-2024-39844

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	Leap 15.6
Hardware:	Other Other

Priority:	P2 - High Severity: Major (vote)
Target Milestone:	---
Assignee:	Martin Pluskal
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/412810/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-07-04 11:10 UTC by SMASH SMASH
Modified:	2024-07-10 07:23 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-07-04 11:10:34 UTC

In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-39844
https://seclists.org/oss-sec/2024/q3/23
https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e
https://www.cve.org/CVERecord?id=CVE-2024-39844
https://github.com/znc/znc/releases/tag/znc-1.9.1
https://wiki.znc.in/Category:ChangeLog
https://wiki.znc.in/ChangeLog/1.9.1
http://www.openwall.com/lists/oss-security/2024/07/03/9

Comment 1 Camila Camargo de Matos 2024-07-04 11:11:02 UTC

Patch: https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e

Comment 3 Michael Vetter 2024-07-05 06:27:55 UTC

SR#1185717 to devel project.

Comment 4 David Mulder 2024-07-05 16:06:20 UTC

https://build.opensuse.org/request/show/1185807

Comment 5 Michael Vetter 2024-07-08 06:48:17 UTC

(In reply to David Mulder from comment #4)
> https://build.opensuse.org/request/show/1185807

What was wrong about my submission? :)

Comment 6 Adam Majer 2024-07-08 08:21:16 UTC

There are 3 submit requests now. I guess the package is popular.

https://build.opensuse.org/request/show/1185717
https://build.opensuse.org/request/show/1185807
https://build.opensuse.org/request/show/1185826

Hint: someone should accept one so it can go to Factory ;)

Comment 7 David Mulder 2024-07-08 13:49:30 UTC

(In reply to Michael Vetter from comment #5)
> (In reply to David Mulder from comment #4)
> > https://build.opensuse.org/request/show/1185807
> 
> What was wrong about my submission? :)

Lol, the only thing wrong with it is I wasn't paying attention and thought you wanted me to do the submission.

Comment 8 Michael Vetter 2024-07-10 07:23:56 UTC

(In reply to David Mulder from comment #7)
> (In reply to Michael Vetter from comment #5)
> > (In reply to David Mulder from comment #4)
> > > https://build.opensuse.org/request/show/1185807
> > 
> > What was wrong about my submission? :)
> 
> Lol, the only thing wrong with it is I wasn't paying attention and thought
> you wanted me to do the submission.

I see :)

https://build.opensuse.org/request/show/1186187 was accepted to Factory.
I think now Leap 15.6 also needs a submission.