
Bug 66912

Summary: net-irc/bnc: backspace security flaw
Product: Gentoo Security
Reporter: Matthias Geerdsen (RETIRED) <vorlon>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: net-irc
Priority: High
Version: unspecified
Hardware: All
OS: All
URL: http://www.gotbnc.com/changes.html
Whiteboard: B3 [glsa] vorlon
Package list:
Runtime testing required: ---

Description Matthias Geerdsen (RETIRED) gentoo-dev 2004-10-09 12:58:12 UTC
From the changes page:

http://www.gotbnc.com/changes.html
2.8.9

   1. Fixed backspace security flaw (reported by Yak)
...

_______________________________
http://secunia.com/advisories/12770/

Secunia Advisory:	SA12770
Release Date:	2004-10-09

Critical: Moderately critical
Impact:	Unknown
Where:	From remote
Solution Status:	Vendor Patch

Software:	BNC IRC proxy 2.x

Description:
Yak has reported a vulnerability with an unknown impact in BNC IRC proxy.

The vulnerability is reportedly caused due to an unspecified backspace security flaw.

Solution: Update to version 2.8.9.
http://www.gotbnc.com/download.html

Provided and/or discovered by:
Yak

_____________________________

net-irc, pls bump to 2.8.9
Comment 1 Sven Wegener gentoo-dev 2004-10-09 13:29:48 UTC
Committed to CVS and marked stable on x86.
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2004-10-09 13:41:07 UTC
Thanks for the quick reaction Sven.

arches, pls test and mark 2.8.9 stable

current KEYWORDS="x86 ~ppc ~sparc ~alpha ~arm"
target KEYWORDS="x86 ppc sparc alpha arm"

Comment 3 Jason Wever (RETIRED) gentoo-dev 2004-10-09 14:16:48 UTC
Stable on sparc.
Comment 4 Pieter Van den Abeele (RETIRED) gentoo-dev 2004-10-09 14:36:01 UTC
stable on ppc
Comment 5 Bryan Østergaard (RETIRED) gentoo-dev 2004-10-09 15:56:13 UTC
Stable on alpha.
Comment 6 Matthias Geerdsen (RETIRED) gentoo-dev 2004-10-10 02:42:21 UTC
Sent mail upstream asking for more information.
Changed to [glsa?], but should wait for a reply.
Comment 7 Matthias Geerdsen (RETIRED) gentoo-dev 2004-10-11 05:03:11 UTC
Got back the following information:

bnc 2.6.4 introduced a new input parsing routine.  The function sbuf_getmsg
would process the received data into lines.  Part of this function would
interpret the backspace character 008 and step backwards on the input
processing.  This would allow a malicious user to send backspaces to clear
the true credentials, and then insert fake credentials to gain access to low
security bots or weak irc scripts that were on the client end of a BNC.
Comment 8 Matthias Geerdsen (RETIRED) gentoo-dev 2004-10-11 05:25:37 UTC
also http://securitytracker.com/id?1011583 

Description:  A vulnerability was reported in BNC. A remote user can send arbitrary commands to a bot running BNC.

The vendor reported that the software contains a flaw in the processing of the backspace character (ASCII 8). A remote user can send data that includes backspace characters to delete and replace data sent to the BNC bot to issue commands with arbitrary authentication credentials.
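
An added illustration of the parsing behaviour described in comments 7 and 8, not bnc's code or the 2.8.9 patch: it contrasts a line assembler that honours byte 0x08 with one whose write index only moves forward. The function names, buffer handling and the "drop and count" hardening are assumptions, and the sample line is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample line: ten bytes, four backspaces (0x08), four bytes. */
static const unsigned char SAMPLE[] = "field=AAAA\b\b\b\bBBBB\r\n";

/* Behaviour described in comment 7: 0x08 steps the write index back, so
 * later bytes replace earlier ones before the line is handed on. */
size_t assemble_line_backspace(const unsigned char *in, size_t n,
                               char *out, size_t cap)
{
    size_t w = 0;
    if (cap == 0) return 0;
    for (size_t i = 0; i < n && in[i] != '\n'; i++) {
        if (in[i] == '\r') continue;
        if (in[i] == 0x08) { if (w > 0) w--; continue; }
        if (w + 1 < cap) out[w++] = (char)in[i];
    }
    out[w] = '\0';
    return w;
}

/* Assumed hardening (hypothetical): the write index only moves forward;
 * 0x08 is dropped and counted so the caller can log or reject the line. */
size_t assemble_line_strict(const unsigned char *in, size_t n,
                            char *out, size_t cap, size_t *dropped)
{
    size_t w = 0;
    *dropped = 0;
    if (cap == 0) return 0;
    for (size_t i = 0; i < n && in[i] != '\n'; i++) {
        if (in[i] == '\r') continue;
        if (in[i] == 0x08) { (*dropped)++; continue; }
        if (w + 1 < cap) out[w++] = (char)in[i];
    }
    out[w] = '\0';
    return w;
}

int main(void)
{
    char line[64];
    size_t dropped;
    assemble_line_backspace(SAMPLE, sizeof SAMPLE - 1, line, sizeof line);
    printf("backspace-aware: %s\n", line);
    assemble_line_strict(SAMPLE, sizeof SAMPLE - 1, line, sizeof line, &dropped);
    printf("strict:          %s (dropped %zu)\n", line, dropped);
    return 0;
}
```

A non-zero dropped count is a useful log signal, since an IRC client has no reason to send 0x08 inside a protocol line.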
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2004-10-11 06:16:44 UTC
So it's a B3.
Please vote on GLSA need...

I suppose we should issue one?
Comment 10 Sven Wegener gentoo-dev 2004-10-11 06:56:14 UTC
Yep, qualifies for a GLSA in my opinion.
Comment 11 Matthias Geerdsen (RETIRED) gentoo-dev 2004-10-12 01:53:54 UTC
agreed, should issue a GLSA
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2004-10-12 04:41:11 UTC
ready for a GLSA
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2004-10-15 05:13:48 UTC
GLSA 200410-13
arm should mark stable to benefit from GLSA