Vulnerabilities > CVE-2005-0830 - Unspecified vulnerability in Xzabite Dyndnsupdate 0.6.15

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
xzabite
nessus

Summary

Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, including the ipcheck function in dyndnsupdate.c, allow remote attackers who spoof a dyndns.org server to execute arbitrary code via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Xzabite
1

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-200503-27.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-200503-27 (Xzabite dyndnsupdate: Multiple vulnerabilities) Toby Dickenson discovered that dyndnsupdate suffers from multiple overflows. Impact : A remote attacker, posing as a dyndns.org server, could execute arbitrary code with the rights of the user running dyndnsupdate. Workaround : There is no known workaround at this time.
last seen2020-06-01
modified2020-06-02
plugin id17588
published2005-03-21
reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/17588
titleGLSA-200503-27 : Xzabite dyndnsupdate: Multiple vulnerabilities
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200503-27.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(17588);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:42");

  script_cve_id("CVE-2005-0830");
  script_xref(name:"GLSA", value:"200503-27");

  script_name(english:"GLSA-200503-27 : Xzabite dyndnsupdate: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200503-27
(Xzabite dyndnsupdate: Multiple vulnerabilities)

    Toby Dickenson discovered that dyndnsupdate suffers from multiple
    overflows.
  
Impact :

    A remote attacker, posing as a dyndns.org server, could execute
    arbitrary code with the rights of the user running dyndnsupdate.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200503-27"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Currently, there is no released version of dyndnsupdate that contains a
    fix for these issues. The original xzabite.org distribution site is
    dead, the code contains several other problems and more secure
    alternatives exist, such as the net-dns/ddclient package. Therefore,
    the dyndnsupdate package has been hard-masked prior to complete removal
    from Portage, and current users are advised to unmerge the package:
    # emerge --unmerge net-misc/dyndnsupdate"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:dyndnsupdate");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/03/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/21");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"net-misc/dyndnsupdate", unaffected:make_list(), vulnerable:make_list("le 0.6.15"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xzabite dyndnsupdate");
}