Bug#903787: znc: privilege escalation to admin permission (injection of rogue values in znc.conf)

[Salvatore Bonaccorso]

Source: znc
Version: 1.6.5-1
Severity: grave
Tags: patch security upstream
Justification: user security hole

Hi

See

https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d

which would allow privilege escalation by a remote non-admin user.

Regards,
Salvatore