blob: b5bbb24ff4dc2990057dbde9691e90972c4cfc5f [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200410-13">
<title>BNC: Input validation flaw</title>
BNC contains an input validation flaw which might allow a remote attacker
to issue arbitrary IRC related commands.
<product type="ebuild">bnc</product>
<announced>October 15, 2004</announced>
<revised>May 22, 2006: 02</revised>
<package name="net-irc/bnc" auto="yes" arch="*">
<unaffected range="ge">2.8.9</unaffected>
<vulnerable range="lt">2.8.9</vulnerable>
BNC is an IRC proxying server
A flaw exists in the input parsing of BNC where part of the
sbuf_getmsg() function handles the backspace character incorrectly.
<impact type="normal">
A remote user could issue commands using fake authentication
credentials and possibly gain access to scripts running on the client
There is no known workaround at this time.
All BNC users should upgrade to the latest version:
# emerge sync
# emerge -pv &quot;&gt;=net-irc/bnc-2.8.9&quot;
# emerge &quot;&gt;=net-irc/bnc-2.8.9&quot;</code>
<uri link="">BNC Changes</uri>
<uri link="">CVE-2004-1482</uri>
<metadata tag="requester" timestamp="Tue, 12 Oct 2004 11:44:17 +0000">
<metadata tag="bugReady" timestamp="Tue, 12 Oct 2004 11:44:35 +0000">
<metadata tag="submitter" timestamp="Wed, 13 Oct 2004 08:51:33 +0000">