FreeBSD : znc -- multiple vulnerabilities (c6d1a8a6-8a91-11e8-be4d-005056925db4)
Severity: High
Nessus Plugin ID 111180
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Mitre reports:
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.
ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.
Solution
Update the affected package.