Test ID:	1.3.6.1.4.1.25623.1.0.53285
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-595-1)
Summary:	The remote host is missing an update for the Debian 'bnc' package(s) announced via the DSA-595-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'bnc' package(s) announced via the DSA-595-1 advisory. Vulnerability Insight: Leon Juranic discovered that BNC, an IRC session bouncing proxy, does not always protect buffers from being overwritten. This could exploited by a malicious IRC server to overflow a buffer of limited size and execute arbitrary code on the client host. For the stable distribution (woody) this problem has been fixed in version 2.6.4-3.3. This package does not exist in the testing or unstable distributions. We recommend that you upgrade your bnc package. Affected Software/OS: 'bnc' package(s) on Debian 3.0. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1052 BugTraq ID: 11647 http://www.securityfocus.com/bid/11647 Bugtraq: 20041110 BNC 2.8.9 remote buffer overflow (Google Search) http://marc.info/?l=bugtraq&m=110011817627839&w=2 Debian Security Information: DSA-595 (Google Search) http://www.debian.org/security/2004/dsa-595 http://security.lss.hr/en/index.php?page=details&ID=LSS-2004-11-03 http://secunia.com/advisories/13149/ XForce ISS Database: bnc-irc-getnickuserhost-bo(18013) https://exchange.xforce.ibmcloud.com/vulnerabilities/18013
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.