CVE-2019-12816

Priority
Description
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin
users to escalate privileges and execute arbitrary code by loading a module
with a crafted name.
Ubuntu-Description
It was discovered that ZNC incorrectly handled loading modules.
A non-admin user could possibly use this to escalate privileges or
execute arbitry code.
Notes
Package
Source: znc (LP Ubuntu Debian)
Upstream:released (1.7.2-3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1.6.3-1ubuntu0.2)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.6.6-1ubuntu0.2)
Patches:
Upstream:https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311
More Information

Updated: 2020-07-29 16:15:21 UTC (commit 7cf1d5f6e26e0766fe02dc563b82a94963cf1775)