From the changes page:
1. Fixed backspace security flaw (reported by Yak)
Secunia Advisory: SA12770
Release Date: 2004-10-09
Critical: Moderately critical
Where: From remote
Solution Status: Vendor Patch
Software: BNC IRC proxy 2.x
Yak has reported a vulnerability with an unknown impact in BNC IRC proxy.
The vulnerability is reportedly caused due to an unspecified backspace security flaw.
Solution: Update to version 2.8.9.
Provided and/or discovered by:
net-irc, pls bump to 2.8.9
Committed to CVS and marked stable on x86.
Thanks for the quick reaction Sven.
arches, pls test and mark 2.8.9 stable
current KEYWORDS="x86 ~ppc ~sparc ~alpha ~arm"
target KEYWORDS="x86 ppc sparc alpha arm"
Stable on sparc.
stable on ppc
Stable on alpha.
Sent mail upstream asking for more information.
Changed to [glsa?], but should wait for a reply.
Got back the following information:
bnc 2.6.4 introduced a new input parsing routine. The function sbuf_getmsg
would process the received data into lines. Part of this function would
interpret the backspace character 008 and step backwards on the input
processing. This would allow a malicious user to send backspaces to clear
the true credentials, and then insert fake credentials to gain access to low
security bots or weak irc scripts that were on the client end of a BNC.
Description: A vulnerability was reported in BNC. A remote user can send arbitrary commands to a bot running BNC.
The vendor reported that the software contains a flaw in the processing of the backspace character (ASCII 8). A remote user can send data that includes backspace characters to delete and replace data sent to the BNC bot to issue commands with arbitrary authentication credentials.
So it's a B3.
Please vote on GLSA need...
I suppose we should issue one?
Yep, qualifies for a GLSA in my opinion.
agreed, should issue a GLSA
ready for a GLSA
arm should mark stable to benefit from GLSA
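The upstream reply above says sbuf_getmsg stepped backwards in its input on the backspace character. The following C sketch is an example added here, not bnc's code and not the 2.8.9 fix: a hypothetical `assemble_line` that shows the same input producing a different line depending on whether backspace edits the buffer or is dropped and counted. The function name, parameters and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define BS 0x08  /* ASCII backspace, the "008" in the upstream reply */

/* Illustrative line assembler (NOT bnc's sbuf_getmsg). Copies in[0..n) up
 * to the first '\n' into out and NUL-terminates it.
 * honor_bs != 0: backspace erases the previously stored byte, the
 *                behaviour the upstream reply describes.
 * honor_bs == 0: backspace is dropped; earlier bytes are never rewritten.
 * *bs_seen gets the backspace count so the caller can log or reject.
 * Returns the stored length, or -1 if out has no room for the NUL. */
long assemble_line(const unsigned char *in, size_t n, char *out, size_t cap,
                   int honor_bs, size_t *bs_seen)
{
    size_t len = 0;
    *bs_seen = 0;
    if (cap == 0)
        return -1;
    for (size_t i = 0; i < n && in[i] != '\n'; i++) {
        if (in[i] == BS) {
            (*bs_seen)++;
            if (honor_bs && len > 0)
                len--;                  /* earlier input is rewritten */
            continue;
        }
        if (in[i] == '\r')
            continue;                   /* strip the CR of CRLF */
        if (len + 1 < cap)
            out[len++] = (char)in[i];   /* excess bytes are truncated */
    }
    out[len] = '\0';
    return (long)len;
}

int main(void)
{
    /* Constructed sample: "abc", two backspaces, "XY", CRLF. */
    const unsigned char sample[] = "abc\b\bXY\r\n";
    char line[32];
    size_t bs;
    assemble_line(sample, sizeof sample - 1, line, sizeof line, 1, &bs);
    printf("honoring backspace: \"%s\" (%zu backspaces)\n", line, bs);
    assemble_line(sample, sizeof sample - 1, line, sizeof line, 0, &bs);
    printf("dropping backspace: \"%s\" (%zu backspaces)\n", line, bs);
    return 0;
}
```

A non-zero backspace count on a line received from the network is a useful thing to log, since interactive editing characters have no reason to appear in relayed protocol traffic.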