ZNC: Remote Code Execution

ZNC: Remote Code Execution A vulnerability has been found in ZNC which could result in remote code execution. znc 2024-09-24 2024-09-24 935422 remote 1.9.1 1.9.1

ZNC is an advanced IRC bouncer.

ZNC's modtcl could allow for remote code execution via a KICK.

A vulnerable ZNC with the modtcl module loaded could be exploited for remote code execution.

Unload the mod_tcl module.

All ZNC users should upgrade to the latest version:


          # emerge --sync
          # emerge --ask --oneshot --verbose ">=net-irc/znc-1.9.1"

CVE-2024-39844 ajak graaff