mu-b has reported a vulnerability in MyDNS, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an input validation error within the "update_gobble_rr" function in src/mydns/update.c. This can be exploited to cause heap based buffer overflow and to crash the application. Successful exploitation requires update privileges and that "allow-update" is set to "yes" in mydns.conf. The vulnerability is reported in version 1.1.0. Other versions may also be affected. Solution: Set "allow-update" to "no". Provided and/or discovered by: mu-b Original Advisory: http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/054024.html Reproducible: Always
*** This bug has been marked as a duplicate of bug 176130 ***