Summary: | net-dns/noip-updater <2.1.9: Stack-based buffer overflow (CVE-2008-5297)
---|---
Product: | Gentoo Security
Reporter: | jieryn <jieryn>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | major
CC: | 98036119lmak, danielpi, dragonheart, gentoo-bugzilla, gentoobugs, rb6, takreeger, zeekec
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://secunia.com/advisories/32761/
Whiteboard: | B1 [glsa]
Package list: |
Runtime testing required: | ---
Bug Depends on: | 248758
Bug Blocks: |
Attachments: |

Description
jieryn
2008-11-25 01:30:20 UTC
Added Secunia link.

*** Bug 248727 has been marked as a duplicate of this bug. ***

*** This bug has been marked as a duplicate of bug 248758 ***

This is not a duplicate, sorry for the bugspam.

*PING*

*Additional Ping*

CVE-2008-5297 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5297):
Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote DNS servers to execute arbitrary code via a crafted DNS response, related to a missing length check in the GetNextLine function.

Created attachment 175075
noip-updater-2.1.9.ebuild.patch
since dragonheart is away until the 20th,
patch to apply on top of noip-updater-2.1.7-r1

Created attachment 175077
noip-2.1.9-flags.patch
updated patch from noip-2.1.3-cflags with added bonus that it respects ldflags.

Created attachment 175079
noip-2.1.9-daemon.patch
update patch from noip-2.1.4-daemon.patch

ebuild committed to the tree.

Arches, please test and mark stable:
=net-dns/noip-updater-2.1.9
Target keywords : "alpha amd64 ia64 ppc64 sparc x86"

ppc64 done

Stable on alpha.

amd64/x86 stable

ia64/sparc stable

GLSA request filed.

GLSA 200901-12