Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9403

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2014-9403
Last Modified 28 Sep 2015 08:31:41
Published 19 Dec 2014 10:59:32
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-9403

Summary

The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error.

Vulnerable Systems

Application

  • Znc 1.2


References

CONFIRM - https://github.com/znc/znc/issues/528

CONFIRM - https://github.com/znc/znc/blob/master/ChangeLog.md

BID - 66926

MLIST - [oss-security] 20141217 Re: CVE Request: ZNC NULL Pointer Dereference

SECUNIA - 57795

MANDRIVA - MDVSA-2015:013

CONFIRM - http://advisories.mageia.org/MGASA-2014-0543.html


Last Updated: 27 May 2016 11:08:12