CVE-2007-2362

NameCVE-2007-2362
DescriptionMultiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1434-1, DTSA-36-1
NVD severityhigh (attack range: remote)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mydnssource(unstable)1:1.1.0-8high
mydnssourceetch1:1.1.0-7etch1highDSA-1434-1
mydnssourcelenny1:1.1.0-7.1lenny1highDTSA-36-1
mydnssourcesarge(not affected)

Notes

[sarge] - mydns <not-affected> (Vulnerable code not present)

Search for package or bug name: Reporting problems