FreeBSD : bnc -- remotely exploitable buffer overflow in getnickuserhost (9be819c6-4633-11d9-a9e7-0001020eed82)

NASLDB: FreeBSD : bnc -- remotely exploitable buffer overflow in getnickuserhost (9be819c6-4633-11d9-a9e7-0001020eed82)

General

ID: 19048
Name: FreeBSD : bnc — remotely exploitable buffer overflow in getnickuserhost (9be819c6-4633-11d9-a9e7-0001020eed82)

Summary: Checks for updated package in pkg_info output

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –

Port: 0
Family: FreeBSD Local Security Checks
Type: Local

Description

A LSS Security Advisory reports :

There is a buffer overflow vulnerability in getnickuserhost() function
that is called when BNC is processing response from IRC server.

Vulnerability can be exploited if attacker tricks user to connect to
his fake IRC server that will exploit this vulnerability. If the
attacker has access to BNC proxy server, this vulnerability can be
used to gain shell access on machine where BNC proxy server is set.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2004-1052
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2004/11/10
Patch Release: 2004/12/04
Plugin Release: 2005/07/13

Plugin

Version: 1.14
Filename: freebsd_pkg_9be819c6463311d9a9e70001020eed82.nasl
Filesize: 4727 bytes
MD5 Hash: fd6a2d9029a450dd97e12b98fb58f2e3

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info
Dependencies: "ssh_get_info.nasl"