Summary
Julien Tinnes reported a buffer overflow in the Bip multiuser IRC proxy which may allow arbitrary code execution by remote users.
The oldstable distribution (lenny) is not affected by this problem.
Solution
For the stable distribution (squeeze), this problem has been fixed in version 0.8.2-1squeeze4.
For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your bip packages.
Insight
Bip is an IRC proxy that supports replaying logged conversations when a client connects and allows multiple clients on one IRC server connection. It has a handy logging directory structure. It is multiuser and has a flexible configuration. Some of its configuration can be changed at runtime with special IRC commands.
Affected
bip on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2012-0806
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P