Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.6
CVE Id: CVE-2008-5297
Last Modified: 20 Aug 2009 01:23:09
Published: 01 Dec 2008 10:30:03
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2008-5297

Summary

Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function.

Vulnerable Systems

Application

  • Vitalwerks No-ip Duc 2.0.3

  • Vitalwerks No-ip Duc 2.1

  • Vitalwerks No-ip Duc 2.1.5

  • Vitalwerks No-ip Duc 2.1.7


References

XF - dducl-httpresponse-bo(46696)

MISC - http://xenomuta.tuxfamily.org/exploits/noIPwn3r.c

BID - 32344

MLIST - [oss-security] 20081120 CVE request: no-ip DUC buffer overflow

MILW0RM - 7151

DEBIAN - DSA-1686

SREASON - 4672

GENTOO - GLSA-200901-12

SECUNIA - 33610

SECUNIA - 33138

SECUNIA - 32761

CONFIRM - http://git.debian.org/?p=collab-maint/no-ip.git;a=commit;h=60ed93621ff36d9731ba5d9f9336d6eb91122302

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506179


Last Updated: 27 May 2016 10:48:46