BNC: Buffer overflow vulnerability — GLSA 200411-24

BNC contains a buffer overflow vulnerability that may lead to Denial of Service and execution of arbitrary code.

Affected packages

Package 	net-irc/bnc on all architectures
Affected versions 	< 2.9.1
Unaffected versions 	>= 2.9.1

Background

BNC (BouNCe) is an IRC proxy server.

Description

Leon Juranic discovered that BNC fails to do proper bounds checking when checking server response.

Impact

An attacker could exploit this to cause a Denial of Service and potentially execute arbitary code with the permissions of the user running BNC.

Workaround

There is no known workaround at this time.

Resolution

All BNC users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-irc/bnc-2.9.1"

References

    BNC ChangeLog
    LSS-2004-11-03