GLSA-201908-15 : ZNC: Privilege escalation
Medium Nessus Plugin ID 127964
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201908-15 (ZNC: Privilege escalation)
It was discovered that ZNC’s “Modules.cpp” allows remote authenticated non-admin users to escalate privileges.
A remote authenticated attacker could escalate privileges and subsequently execute arbitrary code or conduct a Denial of Service attack.
There is no known workaround at this time.
SolutionAll ZNC users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-irc/znc-1.7.4_rc1'