Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1052

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1052
Last Modified 05 Sep 2008 04:40:11
Published 01 Mar 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1052

Summary

Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.

Vulnerable Systems

Operating System

  • Debian Linux 3.0

  • Gentoo Linux

Application

  • Bnc 2.2.4

  • Bnc 2.4.6

  • Bnc 2.4.8

  • Bnc 2.6

  • Bnc 2.6.2

  • Bnc 2.6.4

  • Bnc 2.8.8

  • Bnc 2.8.9


References

BID - 11647

XF - bnc-irc-getnickuserhost-bo(18013)

DEBIAN - DSA-595

SECUNIA - 13149

MISC - http://security.lss.hr/en/index.php?page=details&ID=LSS-2004-11-03

BUGTRAQ - 20041110 BNC 2.8.9 remote buffer overflow


Last Updated: 27 May 2016 10:38:52