CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
83.1%
A LSS Security Advisory reports:
There is a buffer overflow vulnerability in
getnickuserhost() function that is called when BNC is
processing response from IRC server.
Vulnerability can be exploited if attacker tricks user to
connect to his fake IRC server that will exploit this
vulnerability. If the attacker has access to BNC proxy
server, this vulnerability can be used to gain shell
access on machine where BNC proxy server is set.