|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200503-27] Xzabite dyndnsupdate: Multiple vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Xzabite dyndnsupdate: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200503-27
(Xzabite dyndnsupdate: Multiple vulnerabilities)
Toby Dickenson discovered that dyndnsupdate suffers from multiple
overflows.
Impact
A remote attacker, posing as a dyndns.org server, could execute
arbitrary code with the rights of the user running dyndnsupdate.
Workaround
There is no known workaround at this time.
Solution:
Currently, there is no released version of dyndnsupdate that
contains a fix for these issues. The original xzabite.org distribution
site is dead, the code contains several other problems and more secure
alternatives exist, such as the net-dns/ddclient package. Therefore,
the dyndnsupdate package has been hard-masked prior to complete removal
from Portage, and current users are advised to unmerge the package:
# emerge --unmerge net-misc/dyndnsupdate
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|