BNC IRC Proxy Incorrect Password Authentication Bypass

2004-11-26T05:37:55
ID OSVDB:12144
Type osvdb
Reporter OSVDB
Modified 2004-11-26T05:37:55

Description

Vulnerability Description

BNC contains a flaw that may allow a malicious user to authenticate with incorrect password credentials. It is possible that the flaw may allow arbitrary use of the IRC proxy resulting in a loss of integrity.

Solution Description

Upgrade to version 2.9.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

BNC contains a flaw that may allow a malicious user to authenticate with incorrect password credentials. It is possible that the flaw may allow arbitrary use of the IRC proxy resulting in a loss of integrity.

References:

Vendor URL: http://www.gotbnc.com/ Vendor Specific News/Changelog Entry: http://www.gotbnc.com/changes.html#2.9.1 Secunia Advisory ID:13302 Nessus Plugin ID:15703 ISS X-Force ID: 18103 CVE-2004-2612 Bugtraq ID: 11650