Lucene search

[email protected]CVE-2004-1482

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-1482

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

bnc

sbuf_getmsg

vulnerability

authentication bypass

remote attackers

nvd

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.0%

JSON

The sbuf_getmsg function in BNC incorrectly handles backspace characters, which could allow remote attackers to bypass authentication and gain access to arbitrary scripts.

CPENameOperatorVersion
bnc:bncbnceq2.4.8
bnc:bncbnceq2.6
bnc:bncbnceq2.8.8
bnc:bncbnceq2.2.4
bnc:bncbnceq2.6.2
bnc:bncbnceq2.4.6

CPE	Name	Operator	Version
bnc:bnc	bnc	eq	2.4.8
bnc:bnc	bnc	eq	2.6
bnc:bnc	bnc	eq	2.8.8
bnc:bnc	bnc	eq	2.2.4
bnc:bnc	bnc	eq	2.6.2
bnc:bnc	bnc	eq	2.4.6

References

secunia.com/advisories/12770/

www.gentoo.org/security/en/glsa/glsa-200410-13.xml

www.gotbnc.com/changes.html#2.8.9

www.osvdb.org/10596

www.securityfocus.com/bid/11355

exchange.xforce.ibmcloud.com/vulnerabilities/17672

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.0%

JSON

Related for CVE-2004-1482

openvas1 gentoo1 nessus1