A vulnerability has been found in ZNC which could result in remote code execution.
Package | net-irc/znc on all architectures |
---|---|
Affected versions | < 1.9.1 |
Unaffected versions | >= 1.9.1 |
ZNC is an advanced IRC bouncer.
ZNC's modtcl could allow for remote code execution via a KICK.
A vulnerable ZNC with the modtcl module loaded could be exploited for remote code execution.
Unload the mod_tcl module.
All ZNC users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-irc/znc-1.9.1"
Release date
September 24, 2024
Latest revision
September 24, 2024: 1
Severity
normal
Exploitable
remote
Bugzilla entries