The well known bouncer BNC contains a remote buffer overflow exploit.

“There is a buffer overflow vulnerability in getnickuserhost() function that is called when BNC is processing response from some IRC server. When BNC is connected to some IRC server, it will send ‘USER’ and ‘NICK’ command. Server response is at some point processed with getnickuserhost() function.” This post at Security Focus explains.

The overflow is present in version 2.8.9 and below. “Vulnerability can be exploited if attacker tricks user to connect to his fake IRC server that will exploit this vulnerability. If the attacker has access to BNC proxy server, this vulnerability can be used to gain shell access on machine here BNC proxy server is set.“, the Security Focus post explains.

This vulnerability has been fixed in version 2.9.0.