blob: 6c2972c66d3460dbdae0466c9e674441b9370299 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200411-24">
<title>BNC: Buffer overflow vulnerability</title>
BNC contains a buffer overflow vulnerability that may lead to Denial of
Service and execution of arbitrary code.
<product type="ebuild">BNC</product>
<announced>November 16, 2004</announced>
<revised>November 16, 2004: 01</revised>
<package name="net-irc/bnc" auto="yes" arch="*">
<unaffected range="ge">2.9.1</unaffected>
<vulnerable range="lt">2.9.1</vulnerable>
BNC (BouNCe) is an IRC proxy server.
Leon Juranic discovered that BNC fails to do proper bounds
checking when checking server response.
<impact type="high">
An attacker could exploit this to cause a Denial of Service and
potentially execute arbitary code with the permissions of the user
running BNC.
There is no known workaround at this time.
All BNC users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/bnc-2.9.1"</code>
<uri link="">BNC ChangeLog</uri>
<uri link=";ID=LSS-2004-11-03">LSS-2004-11-03</uri>
<metadata tag="requester" timestamp="Thu, 11 Nov 2004 20:17:39 +0000">
<metadata tag="submitter" timestamp="Thu, 11 Nov 2004 21:49:41 +0000">
<metadata tag="bugReady" timestamp="Fri, 12 Nov 2004 23:44:26 +0000">