CVE-2007-2362 - Remote Dynamic DNS Update vulnerability in DON Moore Mydns 1.1.0
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | SINGLE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c. Successful exploitation requires update privileges and that "allow-update" is set to "yes" in mydns.conf.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | MyDNS 1.1.0 Remote Heap Overflow PoC. CVE-2007-2362. Dos exploit for linux platform |
id | EDB-ID:3807 |
last seen | 2016-01-31 |
modified | 2007-04-27 |
published | 2007-04-27 |
reporter | mu-b |
source | https://www.exploit-db.com/download/3807/ |
title | MyDNS 1.1.0 - Remote Heap Overflow PoC |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1434.NASL |
description | It was discovered that in MyDNS, a domain name server with database backend, the daemon could be crashed through malicious remote update requests, which may lead to denial of service. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29707 |
published | 2007-12-17 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/29707 |
title | Debian DSA-1434-1 : mydns - buffer overflow |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/054024.html
- http://osvdb.org/35438
- http://osvdb.org/35439
- http://secunia.com/advisories/25007
- http://secunia.com/advisories/28086
- http://securityreason.com/securityalert/2658
- http://www.debian.org/security/2007/dsa-1434
- http://www.digit-labs.org/files/exploits/mydns-rr-smash.c
- http://www.digit-labs.org/files/patches/mydns-update.c.diff
- http://www.securityfocus.com/bid/23694
- http://www.vupen.com/english/advisories/2007/1561
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33933