CVE-2024-39844
published 2024-07-03CVE-2024-39844: In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.
PriorityP265critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.86%
88.9th percentile
In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | znc | < znc 1.8.2-3.1+deb12u1 (bookworm) | znc 1.8.2-3.1+deb12u1 (bookworm) |
| znc | znc | >= 0 < 1.8.2-2+deb11u1 | 1.8.2-2+deb11u1 |
| znc | znc | >= 0 < 1.8.2-3.1+deb12u1 | 1.8.2-3.1+deb12u1 |
| znc | znc | >= 0 < 1.9.1-1 | 1.9.1-1 |
| znc | znc | >= 0 < 1.9.1-1 | 1.9.1-1 |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is triggered via a KICK IRC command in ZNC's modtcl module, enabling remote code execution. Monitor for unexpected KICK commands processed by ZNC instances running modtcl. ↗
- →Attack vector requires the ZNC user to be connected to a malicious IRC server. Investigate ZNC server connections to untrusted or unknown IRC servers. ↗
- ·The vulnerability only affects ZNC instances with the modtcl module loaded. Verify whether modtcl is enabled before prioritizing remediation. ↗
- ·Fixed in ZNC 1.9.1. Debian bookworm fix is in 1.8.2-3.1+deb12u1, bullseye in 1.8.2-2+deb11u1. Ensure patched versions are deployed. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
vendor_debian9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2024-39844: In ZNC before 1
osv·2024-07-03·CVSS 9.8
CVE-2024-39844 [CRITICAL] CVE-2024-39844: In ZNC before 1
In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.
GHSA
GHSA-qh94-pjxq-88v7: In ZNC before 1
ghsa_unreviewed·2024-07-03
CVE-2024-39844 [CRITICAL] CWE-94 GHSA-qh94-pjxq-88v7: In ZNC before 1
In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.
Ubuntu
znc vulnerability
vendor_ubuntu·2024-09-04
CVE-2024-39844 znc vulnerability
Title: znc vulnerability
Summary: znc could be made to execute arbitrary code on a user's system if
they were persuaded to join a malicious server.
Johannes Kuhn (DasBrain) discovered that znc incorrectly handled
user input under certain operations. An attacker could possibly
use this issue to execute arbitrary code on a user's system if
the user was tricked into joining a malicious server.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2024-39844: znc - In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.
vendor_debian·2024·CVSS 9.8
CVE-2024-39844 [CRITICAL] CVE-2024-39844: znc - In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.
In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.
Scope: local
bookworm: resolved (fixed in 1.8.2-3.1+deb12u1)
bullseye: resolved (fixed in 1.8.2-2+deb11u1)
forky: resolved (fixed in 1.9.1-1)
sid: resolved (fixed in 1.9.1-1)
trixie: resolved (fixed in 1.9.1-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2024/07/03/9https://github.com/znc/znc/releases/tag/znc-1.9.1https://wiki.znc.in/Category:ChangeLoghttps://wiki.znc.in/ChangeLog/1.9.1https://www.openwall.com/lists/oss-security/2024/07/03/9http://www.openwall.com/lists/oss-security/2024/07/03/9https://github.com/znc/znc/releases/tag/znc-1.9.1https://wiki.znc.in/Category:ChangeLoghttps://wiki.znc.in/ChangeLog/1.9.1https://www.openwall.com/lists/oss-security/2024/07/03/9
2024-07-03
Published