Summary
This host has No-IP DUC installed and is prone to remote code execution vulnerability.
Impact
Successful attack could result in remote DNS servers to execute arbitrary code via a crafted DNS response.
Impact Level: Application
Solution
Upgrade to latest version of No-IP DUC,
http://www.no-ip.com/downloads.php
Insight
The flaw is due to DNS poisoning in the function GetNextLine which fails to do length check.
Affected
No-IP DUC 2.1.7 and prior on Linux
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2008-5297 -
CVSS Base Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
- Avaya WinPDM Multiple Buffer Overflow Vulnerabilities
- Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
- CCProxy CONNECTION Request Buffer Overflow Vulnerability
- ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities