psyBNC allows a remote attacker to view encrypted chat messages
| psybnc-view-encrypted-messages (7985) |  Low Risk |
Description:
psyBNC could allow a remote attacker to view the text of encrypted chat messages by specially-crafting the messages. The attacker can then respond to the encrypted messages to spoof himself as a trusted IRC user.
Consequences:
Obtain Information
Remedy:
Upgrade to the latest version of psyBNC (2.3 or later), available from the psychoid Web site. See References.
References:
- BugTraq Mailing List, Tue Jan 22 2002 - 11:36:10 CST: psyBNC 2.3 Beta - encrypted text "spoofable" in others' irc terminal.
- BugTraq Mailing List, Tue Jan 22 2002 - 17:12:22 CST: psyBNC2.3 Beta - encrypted text spoofable in others irc terminal.
- psychoid Web site: psyBNC.
- BID-3931: psyBNC Encrypted Chat Injection Vulnerability
- CVE-2002-0197: psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the [B] sequence, which makes the message appear legitimate.
- OSVDB ID: 2032: psyBNC Encrypted Chat Injection
Platforms Affected:
- psychoid psyBNC 2.3 and prior
Reported:
Jan 22, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this