Mandriva Linux Security Advisory 2015-013

Mandriva Linux Security Advisory 2015-013 – Multiple vulnerabilities were reported in ZNC version 1.0 which can be exploited by malicious authenticated users to cause a denial of service. These flaws are due to errors when handling the editnetwork, editchan, addchan, and delchan page requests; they can be exploited to cause a NULL pointer dereference. Adding an already existing channel to a user/network via web admin in ZNC causes a crash if the channel name isn’t prefixed with ‘#’.

Leave a Reply