Joined: 13 Jun 2003
Location: Dresden, Germany
|Posted: Tue Nov 16, 2004 6:45 pm Post subject: [ GLSA 200411-24 ] BNC: Buffer overflow vulnerability
|Gentoo Linux Security Advisory
Title: BNC: Buffer overflow vulnerability (GLSA 200411-24)
Date: November 16, 2004
BNC contains a buffer overflow vulnerability that may lead to Denial of Service and execution of arbitrary code.
BNC (BouNCe) is an IRC proxy server.
Vulnerable: < 2.9.1
Unaffected: >= 2.9.1
Architectures: All supported architectures
Leon Juranic discovered that BNC fails to do proper bounds checking when checking server response.
An attacker could exploit this to cause a Denial of Service and potentially execute arbitary code with the permissions of the user running BNC.
There is no known workaround at this time.
All BNC users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/bnc-2.9.1"
Last edited by GLSA on Sun May 07, 2006 4:53 pm; edited 1 time in total