MidnightBSD

Advisories for bnc

CVE-2004-1052 HIGH

Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
debian debian_linux 3.0
bnc bnc 2.6.2
bnc bnc 2.2.4
bnc bnc 2.8.8
bnc bnc 2.6.4
gentoo linux *
bnc bnc 2.6
bnc bnc 2.8.9
bnc bnc 2.4.6
bnc bnc 2.4.8
CVE-2004-1482 HIGH

The sbuf_getmsg function in BNC incorrectly handles backspace characters, which could allow remote attackers to bypass authentication and gain access to arbitrary scripts.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
bnc bnc 2.6.2
bnc bnc 2.2.4
bnc bnc 2.8.8
bnc bnc 2.6
bnc bnc 2.4.6
bnc bnc 2.4.8
CVE-2004-2612 HIGH

BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
bnc bnc 2.9.0