Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
From the changes page: http://www.gotbnc.com/changes.html 2.8.9 1. Fixed backspace security flaw (reported by Yak) ... _______________________________ http://secunia.com/advisories/12770/ Secunia Advisory: SA12770 Print Advisory Release Date: 2004-10-09 Critical: Moderately critical Impact: Unknown Where: From remote Solution Status: Vendor Patch Software: BNC IRC proxy 2.x Description: Yak has reported a vulnerability with an unknown impact in BNC IRC proxy. The vulnerability is reportedly caused due to an unspecified backspace security flaw. Solution: Update to version 2.8.9. http://www.gotbnc.com/download.html Provided and/or discovered by: Yak _____________________________ net-irc, pls bump to 2.8.9
Commited to CVS and marked stable on x86.
Thanks for the quick reaction Sven. arches, pls test and mark 2.8.9 stable current KEYWORDS="x86 ~ppc ~sparc ~alpha ~arm" target KEYWORDS="x86 ppc sparc alpha arm"
Stable on sparc.
stable on ppc
Stable on alpha.
Sent mail upstrem asking for more information. Changed to [glsa?], but should wait for a reply.
Got back the following information: bnc 2.6.4 introduced a new input parsing routine. The function sbuf_getmsg would process the received data into lines. Part of this function would interpret the backspace character 008 and step backwards on the input processing. This would allow a malicious user to send backspaces to clear the true credentials, and then insert fake creditials to gain access to low security bots or weak irc scripts that was on the client end of a BNC.
also http://securitytracker.com/id?1011583 Description: A vulnerability was reported in BNC. A remote user can send arbitrary commands to a bot running BNC. The vendor reported that the software contains a flaw in the processing of the backspace character (ASCII 8). A remote user can send data that includes backspace characters to delete and replace data sent to the BNC bot to issue commands with arbitrary authentication credentials.
So it's a B3. Please vote on GLSA need... I suppose we should issue one ?
Yep, qualifies for a GLSA in my opinion.
agreed, should issue a GLSA
ready for a GLSA
GLSA 200410-13 arm should mark stable to benefit from GLSA
