Bug 248727 - Important No-IP Linux Update Client Security Update
Summary: Important No-IP Linux Update Client Security Update
Status: RESOLVED DUPLICATE of bug 248709
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High critical
Assignee: Gentoo Security
URL: http://www.no-ip.com/downloads?page=l...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-11-25 02:31 UTC by honeymak
Modified: 2008-11-25 05:21 UTC

See Also:
Package list:
Runtime testing required: ---


Description honeymak 2008-11-25 02:31:34 UTC
No-IP has determined that the following advisory is applicable to
one or more of the systems you have registered.


Security Advisory - 2008-11-22
------------------------------------------------------------------------------
Summary:
Important: No-IP Linux DUC (Dynamic Update Client)

An updated version of the No-IP Linux Dynamic Update Client that fixes
a security issue is now available.

This update has been rated as having important security impact.

Description:
Versions 2.1.1 -> 2.1.8 are prone to a stack-based buffer overflow due to
a boundary error when processing HTTP responses received from the update
server. This can be exploited and cause a stack-based buffer overflow when
performing an update.

A malicious user could exploit this by faking the No-IP update server
via DNS poisoning or a man-in-the-middle attack. This can cause a denial of
service (client crash) or potentially execute arbitrary code on the computer
the client is running on.

Users running versions 2.1.8 and older are encouraged to upgrade to the most
recent version, 2.1.9, at http://www.no-ip.com/downloads?page=linux&av=1

Regards,

The No-IP Team

Note:  This email was sent from an unmonitored account.  If you have any
questions or comments please open a trouble ticket at
http://www.no-ip.com/ticket

Reproducible: Didn't try
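
The advisory above describes a boundary error when an HTTP response from the update server is copied into a stack buffer. The following is an added example, not code from the No-IP client or from this bug report, showing a length-checked copy of a response body that rejects oversized input before writing anything. The function names, the `BODY_MAX` size and the sample response are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BODY_MAX 64   /* assumed size of the caller's fixed stack buffer */
enum { RESP_OK = 0, RESP_MALFORMED = -1, RESP_TOO_LONG = -2 };

/* Search a length-delimited buffer: data read from a socket is not
 * guaranteed to be NUL-terminated, so strstr() is not safe here. */
static const char *find_bytes(const char *hay, size_t hay_len,
                              const char *needle, size_t n_len)
{
    if (n_len == 0 || hay_len < n_len)
        return NULL;
    for (size_t i = 0; i + n_len <= hay_len; i++)
        if (memcmp(hay + i, needle, n_len) == 0)
            return hay + i;
    return NULL;
}

/* Copy the body of an HTTP response into out[out_sz], NUL-terminated.
 * The length is checked before any byte is written, so a response from
 * a spoofed update server is rejected instead of overrunning out[]. */
int copy_response_body(const char *resp, size_t resp_len,
                       char *out, size_t out_sz)
{
    if (resp == NULL || out == NULL || out_sz == 0)
        return RESP_MALFORMED;
    out[0] = '\0';
    const char *sep = find_bytes(resp, resp_len, "\r\n\r\n", 4);
    if (sep == NULL)
        return RESP_MALFORMED;
    const char *body = sep + 4;
    size_t body_len = resp_len - (size_t)(body - resp);
    if (body_len >= out_sz)           /* keep one byte for the terminator */
        return RESP_TOO_LONG;
    memcpy(out, body, body_len);
    out[body_len] = '\0';
    return RESP_OK;
}

int main(void)
{
    /* Constructed sample response, not captured from a real server. */
    const char resp[] = "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\nexample.test:0";
    char body[BODY_MAX];
    int rc = copy_response_body(resp, sizeof resp - 1, body, sizeof body);
    printf("rc=%d body=\"%s\"\n", rc, body);
    return 0;
}
```
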
Comment 1 Serkan Kaba (RETIRED) gentoo-dev 2008-11-25 05:21:22 UTC

*** This bug has been marked as a duplicate of bug 248709 ***