CVE-2004-1052

Name of the Vulnerable Software and Affected Versions BNC versions 2.8.9 and possibly other versions

Description The issue concerns multiple vulnerabilities in the BNC package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A buffer overflow in the getnickuserhost function allows remote IRC servers to execute arbitrary code via an IRC server response containing many ! (exclamation) or @ (at sign) characters.

Recommendations For BNC version 2.8.9, consider disabling the getnickuserhost function as a temporary workaround until a patch is available. Restrict access to the BNC module to minimize the risk of exploitation. Avoid using the BNC package until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.