CVE-2007-2362

NameCVE-2007-2362
DescriptionMultiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1434-1, DTSA-36-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mydnssourcesarge(not affected)
mydnssourceetch1:1.1.0-7etch1DSA-1434-1
mydnssourcelenny1:1.1.0-7.1lenny1DTSA-36-1
mydnssource(unstable)1:1.1.0-8

Notes

[sarge] - mydns <not-affected> (Vulnerable code not present)
Search for package or bug name: Reporting problems