[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248678

 
 

909

 
 

195426

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-2448Date: (C)2010-07-12   (M)2023-12-22


znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.5
Exploit Score: 6.8
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-40523
BID-40982
ADV-2010-1775
DSA-2069
FEDORA-2010-10042
FEDORA-2010-10078
FEDORA-2010-10082
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929
http://sourceforge.net/projects/znc/files/znc/0.092/znc-0.092-changelog.txt/view
http://znc.svn.sourceforge.net/viewvc/znc/trunk/znc.cpp?r1=2025&r2=2026&pathrev=2026
http://znc.svn.sourceforge.net/viewvc/znc?revision=2026&view=revision

CPE    1
cpe:/a:znc:znc
OVAL    2
oval:org.mitre.oval:def:11828
oval:org.secpod.oval:def:600035

© SecPod Technologies