CVE-2009-2658: Path Traversal
First published: Tue Aug 04 2009(Updated: )
Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ZNC | =0.044 | |
| ZNC | =0.062 | |
| ZNC | =0.045 | |
| ZNC | =0.052 | |
| ZNC | =0.058 | |
| ZNC | =0.056 | |
| ZNC | =0.070 | |
| ZNC | =0.064 | |
| ZNC | =0.068 | |
| ZNC | =0.054 | |
| ZNC | =0.060 | |
| ZNC | =0.047 | |
| ZNC | =0.066 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2009/07/21/5
- http://secunia.com/advisories/35916
- http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1570
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00965.html
- http://en.znc.in/wiki/ChangeLog/0.072
- http://www.debian.org/security/2009/dsa-1848
- http://en.znc.in/w/index.php?title=ZNC&oldid=3209#WARNING
Frequently Asked Questions
What is the severity of CVE-2009-2658?
CVE-2009-2658 has a severity rating classified as important due to its potential to overwrite arbitrary files.
How do I fix CVE-2009-2658?
To mitigate CVE-2009-2658, upgrade ZNC to version 0.072 or later.
Which versions of ZNC are affected by CVE-2009-2658?
CVE-2009-2658 affects all ZNC versions prior to 0.072, including versions 0.044 through 0.070.
What kind of attack is associated with CVE-2009-2658?
CVE-2009-2658 enables remote attackers to exploit a directory traversal vulnerability through a crafted DCC SEND request.
What are the potential risks of CVE-2009-2658?
The risks associated with CVE-2009-2658 include unauthorized file overwriting and potential system compromise.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/remedy
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/znc
- canonical/znc
- version/znc/0.044
- version/znc/0.062
- version/znc/0.045
- version/znc/0.052
- version/znc/0.058
- version/znc/0.056
- version/znc/0.070
- version/znc/0.064
- version/znc/0.068
- version/znc/0.054
- version/znc/0.060
- version/znc/0.047
- version/znc/0.066