956254 – (CVE-2014-9403) VUL-0: CVE-2014-9403 znc: Crash while adding channels to the web admin

Bug 956254 (CVE-2014-9403) - VUL-0: CVE-2014-9403 znc: Crash while adding channels to the web admin

Summary: VUL-0: CVE-2014-9403 znc: Crash while adding channels to the web admin

Status:	RESOLVED FIXED

Alias:	CVE-2014-9403

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other openSUSE 42.1

Priority:	P5 - None Severity: Minor
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/111738/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-11-23 12:44 UTC by Andreas Stieger
Modified:	2018-07-18 08:30 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2015-11-23 12:44:34 UTC

The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4
allows remote authenticated users to cause a denial of service (NULL pointer
dereference and crash) by adding a channel with the same name as an existing
channel but without the leading # character, related to a "use-after-delete"
error.

http://wiki.znc.in/ChangeLog/1.6.2
Fixed a use-after-delete in webadmin. It was already partially fixed in ZNC 1.4; since 1.4 it has been still possible to trigger, but much harder. (#528)

Details:
https://github.com/znc/znc/issues/528

Partial fix in 1.4, complete fix in 1.6.2.

Affects openSUSE Leap 42.1 and SLE 12 Backports. 
Submission is in, adding tracking for completeness.

Maintainer, please submit again with this bug number and CVE.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1177580
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9403
http://www.openwall.com/lists/oss-security/2014/12/18/2
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9403.html
http://www.cvedetails.com/cve/CVE-2014-9403/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9403
http://secunia.com/advisories/57795
http://www.securityfocus.com/bid/66926
http://advisories.mageia.org/MGASA-2014-0543.html
https://github.com/znc/znc/issues/528
https://github.com/znc/znc/blob/master/ChangeLog.md

Comment 1 Bernhard Wiedemann 2015-11-23 13:00:08 UTC

This is an autogenerated message for OBS integration:
This bug (956254) was mentioned in
https://build.opensuse.org/request/show/345868 Backports:SLE-12+42.1 / znc+znc.openSUSE_Backports_SLE-12

Comment 2 Andreas Stieger 2015-11-23 13:09:20 UTC

Thanks, update is running

Comment 3 Andreas Stieger 2015-12-01 22:21:57 UTC

releasing

Comment 4 Swamp Workflow Management 2015-12-02 02:10:08 UTC

openSUSE-SU-2015:2163-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 956254
CVE References: CVE-2014-9403
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    znc-1.6.2-9.1

Comment 5 Swamp Workflow Management 2015-12-02 02:10:25 UTC

openSUSE-SU-2015:2164-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 956254
CVE References: CVE-2014-9403
Sources used:
openSUSE Leap 42.1 (src):    znc-1.6.2-8.1

Comment 6 Swamp Workflow Management 2018-07-16 13:20:18 UTC

This is an autogenerated message for OBS integration:
This bug (956254) was mentioned in
https://build.opensuse.org/request/show/623128 15.0+42.3+Backports:SLE-12-SP2 / znc

Comment 7 Swamp Workflow Management 2018-07-18 08:30:19 UTC

This is an autogenerated message for OBS integration:
This bug (956254) was mentioned in
https://build.opensuse.org/request/show/623568 15.0+42.3+Backports:SLE-12-SP2 / znc