GLSA
Bodhisattva
Joined: 13 Jun 2003
Posts: 4087
Location: Dresden, Germany
|
 Posted: Tue Nov 16, 2004 6:45 pm Post subject: [ GLSA 200411-24 ] BNC: Buffer overflow vulnerability |
 |
|
Gentoo Linux Security Advisory
Title: BNC: Buffer overflow vulnerability (GLSA 200411-24)
Severity: high
Exploitable: remote
Date: November 16, 2004
Bug(s): #70674
ID: 200411-24
Synopsis
BNC contains a buffer overflow vulnerability that may lead to Denial of Service and execution of arbitrary code.
Background
BNC (BouNCe) is an IRC proxy server.
Affected Packages
Package: net-irc/bnc
Vulnerable: < 2.9.1
Unaffected: >= 2.9.1
Architectures: All supported architectures
Description
Leon Juranic discovered that BNC fails to do proper bounds checking when checking server response.
Impact
An attacker could exploit this to cause a Denial of Service and potentially execute arbitary code with the permissions of the user running BNC.
Workaround
There is no known workaround at this time.
Resolution
All BNC users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/bnc-2.9.1" |
References
BNC ChangeLog
LSS-2004-11-03
Last edited by GLSA on Sun May 07, 2006 4:53 pm; edited 1 time in total |
|
News & Announcements
