Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Pine.GSO.4.51.0812010952420.843@faron.mitre.org>
Date: Mon, 1 Dec 2008 09:52:46 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re:  CVE request: no-ip DUC buffer overflow


======================================================
Name: CVE-2008-5297
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5297
Reference: MILW0RM:7151
Reference: URL:http://www.milw0rm.com/exploits/7151
Reference: MISC:http://xenomuta.tuxfamily.org/exploits/noIPwn3r.c
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506179
Reference: CONFIRM:http://git.debian.org/?p=collab-maint/no-ip.git;a=commit;h=60ed93621ff36d9731ba5d9f9336d6eb91122302
Reference: MLIST:[oss-security] 20081120 CVE request: no-ip DUC buffer overflow
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/21/15

Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote DNS
servers to execute arbitrary code via a crafted DNS response, related
to a missing length check in the GetNextLine function.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.