Vulnerability Details CVE-2004-1482
The sbuf_getmsg function in BNC incorrectly handles backspace characters, which could allow remote attackers to bypass authentication and gain access to arbitrary scripts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/12770/
- http://www.gentoo.org/security/en/glsa/glsa-200410-13.xml
- http://www.gotbnc.com/changes.html#2.8.9
- http://www.osvdb.org/10596
- http://www.securityfocus.com/bid/11355
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17672
- http://secunia.com/advisories/12770/
- http://www.gentoo.org/security/en/glsa/glsa-200410-13.xml
- http://www.gotbnc.com/changes.html#2.8.9
- http://www.osvdb.org/10596
- http://www.securityfocus.com/bid/11355
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17672
Products affected by CVE-2004-1482
-
cpe:2.3:a:bnc:bnc:2.2.4
-
cpe:2.3:a:bnc:bnc:2.4.6
-
cpe:2.3:a:bnc:bnc:2.4.8
-
cpe:2.3:a:bnc:bnc:2.6
-
cpe:2.3:a:bnc:bnc:2.6.2
-
cpe:2.3:a:bnc:bnc:2.8.8