Commit
Co-authored-by: She <she@libera.chat>
Co-authored-by: Melissa Draper <el@libera.chat>
Co-authored-by: bakerst-221b <86150350+bakerst-221b@users.noreply.github.com>
1 parent 9366303, commit cc5837d
Showing 1 changed file with 39 additions and 0 deletions.
@@ -0,0 +1,39 @@ | ||
--- | ||
title: PSA: Critical vulnerability in ZNC's modtcl | ||
author: She, el | ||
--- | ||
|
||
TL;DR - If you are using a version of modtcl that is NOT from | ||
[ZNC 1.9.1][191changelog] (distribution versions may differ) or newer, | ||
**update or unload it immediately**. | ||
|
||
In coordination with other IRC networks and ZNC providers, we're sending out a | ||
global notice today about a vulnerability in a non-default core ZNC module, | ||
modtcl. Please unload this module until it can be upgraded to a patched | ||
version. | ||
|
||
Modtcl in ZNC versions prior to 1.9.1 contains an injection vulnerability | ||
([CVE-2024-39844]) that allows channel operators to run arbitrary ZNC | ||
commands as a ZNC user in their channel. This exploit can be used to | ||
compromise NickServ accounts or channels. Attacks may also leverage other | ||
modules or vulnerabilities to compromise of the system user account running | ||
ZNC. | ||
|
||
Luckily, modtcl is not loaded by default. To check if you have modtcl loaded, | ||
run `/quote ZNC listmods` to see the list of loaded modules. If you have | ||
access to the ZNC's config file, you may additionally search for the line | ||
`LoadModule = modtcl`. | ||
|
||
Prior to this announcement, to protect folks who are idle, Libera's servers | ||
were patched to reduce the impact of this vulnerability on Libera. Our | ||
mitigation will result in some kick messages being blanked out. Other networks | ||
have undertaken their own mitigations as they see fit. Please ask them | ||
directly if you have questions. | ||
|
||
We appreciate your help in ensuring that everyone gets updated as soon as | ||
possible! We encourage you to contact ZNC using friends who are idle. Please | ||
also keep us informed in `#libera-hotline` about folks trying to take advantage | ||
of this vulnerability. | ||
|
||
[CVE-2024-39844]: https://www.cve.org/CVERecord?id=CVE-2024-39844 | ||
[191changelog]: https://wiki.znc.in/ChangeLog/1.9.1 |
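Review bot: The sentence ending "to compromise of the system user account running ZNC" in the paragraph that introduces CVE-2024-39844 does not parse; drop "of" ("to compromise the system user account running ZNC") or rephrase as "to lead to compromise of the system user account running ZNC". The rest of the post reads clearly, and pairing the in-client check (`/quote ZNC listmods`) with the on-disk check (`LoadModule = modtcl` in the config file) gives readers two independent ways to confirm whether the module is loaded before they decide between unloading it and upgrading to 1.9.1.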