FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bnc -- remotely exploitable buffer overflow in getnickuserhost

Affected packages
bnc < 2.9.1


VuXML ID 9be819c6-4633-11d9-a9e7-0001020eed82
Discovery 2004-11-10
Entry 2004-12-04
Modified 2005-02-22

A LSS Security Advisory reports:

There is a buffer overflow vulnerability in getnickuserhost() function that is called when BNC is processing response from IRC server.

Vulnerability can be exploited if attacker tricks user to connect to his fake IRC server that will exploit this vulnerability. If the attacker has access to BNC proxy server, this vulnerability can be used to gain shell access on machine where BNC proxy server is set.


CVE Name CVE-2004-1052