OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

bnc -- input validation flaw

Affected packages
bnc < 2.8.9

Details

VuXML ID 62e68efa-2357-11d9-a317-00065bd5b0b6
Discovery 2004-10-15
Entry 2004-10-16

A flaw exists in the input parsing of BNC where part of the sbuf_getmsg() function handles the backspace character incorrectly. A remote user could issue commands using fake authentication credentials and possibly gain access to scripts running on the client side.

References

URL http://www.gotbnc.com/changes.html#2.8.9

Copyright © 2003-2005 Jacques Vidrine, Robert Nagy, and contributors.
Please see the source of this document for full copyright information.