CVE-2004-1052 - Buffer Overflow vulnerability in BNC getnickuserhost IRC Server Response
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary
Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 8 |
OS | | 11 |
OS | | 1 |
Nessus
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-595.NASL
description: Leon Juranic discovered that BNC, an IRC session bouncing proxy, does not always protect buffers from being overwritten. This could be exploited by a malicious IRC server to overflow a buffer of limited size and execute arbitrary code on the client host.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15824
published: 2004-11-24
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/15824
title: Debian DSA-595-1 : bnc - buffer overflow

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_9BE819C6463311D9A9E70001020EED82.NASL
description: A LSS Security Advisory reports: There is a buffer overflow vulnerability in getnickuserhost() function that is called when BNC is processing response from IRC server. Vulnerability can be exploited if attacker tricks user to connect to his fake IRC server that will exploit this vulnerability. If the attacker has access to BNC proxy server, this vulnerability can be used to gain shell access on machine where BNC proxy server is set.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19048
published: 2005-07-13
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/19048
title: FreeBSD : bnc -- remotely exploitable buffer overflow in getnickuserhost (9be819c6-4633-11d9-a9e7-0001020eed82)