Bug 956254 - (CVE-2014-9403) VUL-0: CVE-2014-9403 znc: Crash while adding channels to the web admin
(CVE-2014-9403)
VUL-0: CVE-2014-9403 znc: Crash while adding channels to the web admin
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other openSUSE 42.1
: P5 - None : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/111738/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-23 12:44 UTC by Andreas Stieger
Modified: 2018-07-18 08:30 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2015-11-23 12:44:34 UTC
The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4
allows remote authenticated users to cause a denial of service (NULL pointer
dereference and crash) by adding a channel with the same name as an existing
channel but without the leading # character, related to a "use-after-delete"
error.

http://wiki.znc.in/ChangeLog/1.6.2
Fixed a use-after-delete in webadmin. It was already partially fixed in ZNC 1.4; since 1.4 it has been still possible to trigger, but much harder. (#528)

Details:
https://github.com/znc/znc/issues/528

Partial fix in 1.4, complete fix in 1.6.2.

Affects openSUSE Leap 42.1 and SLE 12 Backports. 
Submission is in, adding tracking for completeness.

Maintainer, please submit again with this bug number and CVE.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1177580
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9403
http://www.openwall.com/lists/oss-security/2014/12/18/2
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9403.html
http://www.cvedetails.com/cve/CVE-2014-9403/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9403
http://secunia.com/advisories/57795
http://www.securityfocus.com/bid/66926
http://advisories.mageia.org/MGASA-2014-0543.html
https://github.com/znc/znc/issues/528
https://github.com/znc/znc/blob/master/ChangeLog.md
Comment 1 Bernhard Wiedemann 2015-11-23 13:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (956254) was mentioned in
https://build.opensuse.org/request/show/345868 Backports:SLE-12+42.1 / znc+znc.openSUSE_Backports_SLE-12
Comment 2 Andreas Stieger 2015-11-23 13:09:20 UTC
Thanks, update is running
Comment 3 Andreas Stieger 2015-12-01 22:21:57 UTC
releasing
Comment 4 Swamp Workflow Management 2015-12-02 02:10:08 UTC
openSUSE-SU-2015:2163-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 956254
CVE References: CVE-2014-9403
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    znc-1.6.2-9.1
Comment 5 Swamp Workflow Management 2015-12-02 02:10:25 UTC
openSUSE-SU-2015:2164-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 956254
CVE References: CVE-2014-9403
Sources used:
openSUSE Leap 42.1 (src):    znc-1.6.2-8.1
Comment 6 Swamp Workflow Management 2018-07-16 13:20:18 UTC
This is an autogenerated message for OBS integration:
This bug (956254) was mentioned in
https://build.opensuse.org/request/show/623128 15.0+42.3+Backports:SLE-12-SP2 / znc
Comment 7 Swamp Workflow Management 2018-07-18 08:30:19 UTC
This is an autogenerated message for OBS integration:
This bug (956254) was mentioned in
https://build.opensuse.org/request/show/623568 15.0+42.3+Backports:SLE-12-SP2 / znc