CVE-2004-1482

Description

The sbuf_getmsg function in BNC incorrectly handles backspace characters, which could allow remote attackers to bypass authentication and gain access to arbitrary scripts.

Affected products

• bnc / bnc2.2.4 – 2.2.4
• bnc / bnc2.4.6 – 2.4.6
• bnc / bnc2.4.8 – 2.4.8
• bnc / bnc2.6 – 2.6
• bnc / bnc2.6.2 – 2.6.2
• bnc / bnc2.8.8 – 2.8.8

References

• MISChttp://www.securityfocus.com/bid/11355
• VENDOR_ADVISORYhttp://secunia.com/advisories/12770/
• MISChttp://www.gentoo.org/security/en/glsa/glsa-200410-13.xml
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17672
• MISChttp://www.osvdb.org/10596
• MISChttp://www.gotbnc.com/changes.html#2.8.9