Info

Disclosure

Oct 09, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

BNC contains a flaw related to the handling of the backspace character that may allow an attacker to execute arbitrary BNC commands. No further details have been provided.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.8.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

GotBNC

BNC

2.8.8

References

Security Tracker: 1011583
Secunia Advisory ID: 12770 12845
CVE ID: 2004-1482 (see also: NVD)
Vendor Specific Advisory URL: http://security.gentoo.org/glsa/glsa-200410-13.xml
Vendor URL: http://www.gotbnc.com/

Credit

Yak -

Direct URL: http://osvdb.org/10596