1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200411-24 / BNC |
| Release Date | November 16, 2004 |
| Latest Revision | November 16, 2004: 01 |
| Impact | high |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| net-irc/bnc | < 2.9.1 | >= 2.9.1 | All supported architectures |
Related bugreports: #70674
BNC contains a buffer overflow vulnerability that may lead to Denial of Service and execution of arbitrary code.
BNC (BouNCe) is an IRC proxy server.
Leon Juranic discovered that BNC fails to do proper bounds checking when checking server response.
An attacker could exploit this to cause a Denial of Service and potentially execute arbitary code with the permissions of the user running BNC.
There is no known workaround at this time.
All BNC users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=net-irc/bnc-2.9.1" |