BNC contains a buffer overflow vulnerability that may lead to Denial of Service and execution of arbitrary code.
Package | net-irc/bnc on all architectures |
---|---|
Affected versions | < 2.9.1 |
Unaffected versions | >= 2.9.1 |
BNC (BouNCe) is an IRC proxy server.
Leon Juranic discovered that BNC fails to do proper bounds checking when checking server response.
An attacker could exploit this to cause a Denial of Service and potentially execute arbitary code with the permissions of the user running BNC.
There is no known workaround at this time.
All BNC users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-irc/bnc-2.9.1"
Release date
November 16, 2004
Latest revision
November 16, 2004: 01
Severity
high
Exploitable
remote
Bugzilla entries