Test ID:	1.3.6.1.4.1.25623.1.0.64466
Category:	Fedora Local Security Checks
Title:	Fedora Core 10 FEDORA-2009-7937 (znc)
Summary:	The remote host is missing an update to znc;announced via advisory FEDORA-2009-7937.;Note: This VT has been deprecated and is therefore no longer functional.
Description:	Summary: The remote host is missing an update to znc announced via advisory FEDORA-2009-7937. Note: This VT has been deprecated and is therefore no longer functional. Vulnerability Insight: Update Information: Upgrade to 0.072 of ZNC, fixes security issue in bug 513152 An users data directory traversal flaw was found in the way ZNC used to handle file upload requests via Direct Client Connection (DCC) /dcc SEND messages. A remote IRC user could issue a /dcc SEND message with a specially-crafted content (file to upload), which once accepted by a local, unsuspecting ZNC user, would overwrite relevant files in the users//downloads data directory. Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update znc' at the command line. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2658 Debian Security Information: DSA-1848 (Google Search) http://www.debian.org/security/2009/dsa-1848 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00965.html http://www.openwall.com/lists/oss-security/2009/07/21/5 http://secunia.com/advisories/35916
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.