Lucene search

FreeBSD9BE819C6-4633-11D9-A9E7-0001020EED82

HistoryNov 10, 2004 - 12:00 a.m.

bnc -- remotely exploitable buffer overflow in getnickuserhost

2004-11-1000:00:00

vuxml.freebsd.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.009

Percentile

83.1%

JSON

A LSS Security Advisory reports:

There is a buffer overflow vulnerability in
getnickuserhost() function that is called when BNC is
processing response from IRC server.
Vulnerability can be exploited if attacker tricks user to
connect to his fake IRC server that will exploit this
vulnerability. If the attacker has access to BNC proxy
server, this vulnerability can be used to gain shell
access on machine where BNC proxy server is set.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchbnc< 2.9.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	bnc	< 2.9.1	UNKNOWN

References

marc.theaimsgroup.com/?l=bugtraq&m=110011817627839

security.lss.hr/en/index.php?page=details&ID=LSS-2004-11-03

www.gotbnc.com/changes.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.009

Percentile

83.1%

JSON

Related for 9BE819C6-4633-11D9-A9E7-0001020EED82