Public bug reported:
References:
DSA-1434-1 (http://www.debian.org/security/2007/dsa-1434)
Quoting DSA-1434-1:
"It was discovered that in MyDNS, a domain name server with database backend,
the daemon could be crashed through malicious remote update requests, which may
lead to denial of service."
Quoting CVE-2007-2362:
"Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a
denial of service (daemon crash) and possibly execute arbitrary code via a
certain update, which triggers a heap-based buffer overflow in update.c; and
(2) cause a denial of service (daemon crash) via unspecified vectors that
trigger an off-by-one stack-based buffer overflow in update.c."
** Affects: mydns (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-2362
--
[mydns] [CVE-2007-2362] buffer overflow
https://bugs.launchpad.net/bugs/176919
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
