Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200410-13] BNC: Input validation flaw Vulnerability Scan
Vulnerability Scan Summary
BNC: Input validation flaw
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200410-13
(BNC: Input validation flaw)
A flaw exists in the input parsing of BNC where part of the sbuf_getmsg()
function handles the backspace character incorrectly.
A remote user could issue commands using fake authentication credentials
and possibly gain access to scripts running on the client side.
There is no known workaround at this time.
All BNC users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=net-irc/bnc-2.8.9"
# emerge ">=net-irc/bnc-2.8.9"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.