Buffer overflow : No-IP DUC RCE Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800084

Categoría: Buffer overflow

Título: No-IP DUC RCE Vulnerability

Resumen: No-IP DUC is prone to a remote code execution (RCE) vulnerability.

Descripción: Summary:
No-IP DUC is prone to a remote code execution (RCE) vulnerability.

Vulnerability Insight:
The flaw is due to DNS poisoning in the function GetNextLine which fails
to do length check.

Vulnerability Impact:
Successful attack could result in remote DNS servers to execute arbitrary
code via a crafted DNS response.

Affected Software/OS:
No-IP DUC 2.1.7 and prior on Linux.

Solution:
Upgrade to latest version of No-IP DUC.

CVSS Score:
7.6

CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5297
BugTraq ID: 32344
http://www.securityfocus.com/bid/32344
Debian Security Information: DSA-1686 (Google Search)
http://www.debian.org/security/2008/dsa-1686
https://www.exploit-db.com/exploits/7151
http://security.gentoo.org/glsa/glsa-200901-12.xml
http://xenomuta.tuxfamily.org/exploits/noIPwn3r.c
http://www.openwall.com/lists/oss-security/2008/11/21/15
http://secunia.com/advisories/32761
http://secunia.com/advisories/33138
http://secunia.com/advisories/33610
http://securityreason.com/securityalert/4672
XForce ISS Database: dducl-httpresponse-bo(46696)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46696

Copyright Copyright (C) 2008 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800084
Categoría:	Buffer overflow
Título:	No-IP DUC RCE Vulnerability
Resumen:	No-IP DUC is prone to a remote code execution (RCE) vulnerability.
Descripción:	Summary: No-IP DUC is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: The flaw is due to DNS poisoning in the function GetNextLine which fails to do length check. Vulnerability Impact: Successful attack could result in remote DNS servers to execute arbitrary code via a crafted DNS response. Affected Software/OS: No-IP DUC 2.1.7 and prior on Linux. Solution: Upgrade to latest version of No-IP DUC. CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5297 BugTraq ID: 32344 http://www.securityfocus.com/bid/32344 Debian Security Information: DSA-1686 (Google Search) http://www.debian.org/security/2008/dsa-1686 https://www.exploit-db.com/exploits/7151 http://security.gentoo.org/glsa/glsa-200901-12.xml http://xenomuta.tuxfamily.org/exploits/noIPwn3r.c http://www.openwall.com/lists/oss-security/2008/11/21/15 http://secunia.com/advisories/32761 http://secunia.com/advisories/33138 http://secunia.com/advisories/33610 http://securityreason.com/securityalert/4672 XForce ISS Database: dducl-httpresponse-bo(46696) https://exchange.xforce.ibmcloud.com/vulnerabilities/46696
Copyright	Copyright (C) 2008 Greenbone AG