FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bnc -- remotely exploitable buffer overflow in getnickuserhost

Affected packages
bnc < 2.9.1

Details

VuXML ID 9be819c6-4633-11d9-a9e7-0001020eed82
Discovery 2004-11-10
Entry 2004-12-04
Modified 2005-02-22

A LSS Security Advisory reports:

There is a buffer overflow vulnerability in getnickuserhost() function that is called when BNC is processing response from IRC server.

Vulnerability can be exploited if attacker tricks user to connect to his fake IRC server that will exploit this vulnerability. If the attacker has access to BNC proxy server, this vulnerability can be used to gain shell access on machine where BNC proxy server is set.

References

CVE Name CVE-2004-1052
Message 20041110131046.GA21604@cecilija.zesoi.fer.hr
URL http://security.lss.hr/en/index.php?page=details&ID=LSS-2004-11-03
URL http://www.gotbnc.com/changes.html