Test Kennung:	1.3.6.1.4.1.25623.1.0.800084
Kategorie:	Buffer overflow
Titel:	No-IP DUC RCE Vulnerability
Zusammenfassung:	No-IP DUC is prone to a remote code execution (RCE) vulnerability.
Beschreibung:	Summary: No-IP DUC is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: The flaw is due to DNS poisoning in the function GetNextLine which fails to do length check. Vulnerability Impact: Successful attack could result in remote DNS servers to execute arbitrary code via a crafted DNS response. Affected Software/OS: No-IP DUC 2.1.7 and prior on Linux. Solution: Upgrade to latest version of No-IP DUC. CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5297 BugTraq ID: 32344 http://www.securityfocus.com/bid/32344 Debian Security Information: DSA-1686 (Google Search) http://www.debian.org/security/2008/dsa-1686 https://www.exploit-db.com/exploits/7151 http://security.gentoo.org/glsa/glsa-200901-12.xml http://xenomuta.tuxfamily.org/exploits/noIPwn3r.c http://www.openwall.com/lists/oss-security/2008/11/21/15 http://secunia.com/advisories/32761 http://secunia.com/advisories/33138 http://secunia.com/advisories/33610 http://securityreason.com/securityalert/4672 XForce ISS Database: dducl-httpresponse-bo(46696) https://exchange.xforce.ibmcloud.com/vulnerabilities/46696
Copyright	Copyright (C) 2008 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.