CVE-1999-0968
published 1998-12-26CVE-1999-0968: Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges.
PriorityP337high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.19%
86.5th percentile
Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| james_seter | bnc_irc | <= 2.2.4 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
BNC 2.2.4/2.4.6/2.4.8 - IRC Proxy Buffer Overflow (1)
exploitdb·1998-12-26
CVE-1999-0968 BNC 2.2.4/2.4.6/2.4.8 - IRC Proxy Buffer Overflow (1)
BNC 2.2.4/2.4.6/2.4.8 - IRC Proxy Buffer Overflow (1)
---
/*
source: https://www.securityfocus.com/bid/1927/info
BNC's IRC Proxy is used as a gateway to an IRC server.
A buffer stores a username which arguments the program's USER command. User-supplied input to this buffer is improperly checked for length.
As a result, the excessive data copied onto the stack can overwrite critical parts of the stack frame such as the calling functions' return address. Since this data is supplied by the user it can be crafted to alter the program's flow of execution.
If properly exploited, this can yield root privilege to the attacker.
*/
/*
bnc remote buffer overflow for linux x86 (w/o stack-non-exec patch)
by duke ([email protected])
works on versions 1000
special thanks to stranJer! :)
greets t
Exploit-DB
BNC 2.2.4/2.4.6/2.4.8 - IRC Proxy Buffer Overflow (2)
exploitdb·1998-12-26
CVE-1999-0968 BNC 2.2.4/2.4.6/2.4.8 - IRC Proxy Buffer Overflow (2)
BNC 2.2.4/2.4.6/2.4.8 - IRC Proxy Buffer Overflow (2)
---
/*
source: https://www.securityfocus.com/bid/1927/info
BNC's IRC Proxy is used as a gateway to an IRC server.
A buffer stores a username which arguments the program's USER command. User-supplied input to this buffer is improperly checked for length.
As a result, the excessive data copied onto the stack can overwrite critical parts of the stack frame such as the calling functions' return address. Since this data is supplied by the user it can be crafted to alter the program's flow of execution.
If properly exploited, this can yield root privilege to the attacker.
*/
/*
* SDI irc bouncer exploit
*
* This source exploits a buffer overflow in the bnc,
* popular irc bouncer, binding a shell.
*
* Tested against bnc 2.2.4 running o
No writeups or analysis indexed.
1998-12-26
Published