Description
Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.
Affected products
- bnc / bnc2.2.4 – 2.2.4
- bnc / bnc2.4.6 – 2.4.6
- bnc / bnc2.4.8 – 2.4.8
- bnc / bnc2.6 – 2.6
- bnc / bnc2.6.2 – 2.6.2
- bnc / bnc2.6.4 – 2.6.4
- bnc / bnc2.8.8 – 2.8.8
- bnc / bnc2.8.9 – 2.8.9
- Debian / debian_linux3.0 – 3.0
- Debian / debian_linux3.0 – 3.0
- Debian / debian_linux3.0 – 3.0
- Debian / debian_linux3.0 – 3.0
- Debian / debian_linux3.0 – 3.0
- Debian / debian_linux3.0 – 3.0
- Debian / debian_linux3.0 – 3.0
- Debian / debian_linux3.0 – 3.0
- Debian / debian_linux3.0 – 3.0
- Debian / debian_linux3.0 – 3.0
- Debian / debian_linux3.0 – 3.0
- gentoo / linux
References
- MISChttp://security.lss.hr/en/index.php?page=details&ID=LSS-2004-11-03
- MAILING_LISThttp://marc.info/?l=bugtraq&m=110011817627839&w=2
- VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-595
- VENDOR_ADVISORYhttp://secunia.com/advisories/13149/
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18013
- MISChttp://www.securityfocus.com/bid/11647