Debian Security Advisory DSA 1686-1 (no-ip) Network Vulnerability

Summary

The remote host is missing an update to no-ip announced via advisory DSA 1686-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201686-1

Insight

A buffer overflow has been discovered in the HTTP parser of the No-IP.com Dynamic DNS update client, which may result in the execution of arbitrary code. For the stable distribution (etch), this problem has been fixed in version 2.1.1-4+etch1. For the upcoming stable distribution (lenny) and the unstable distribution (sid), this problem has been fixed in version 2.1.7-11. We recommend that you upgrade your no-ip package.

Severity

Classification

CVE CVE-2008-5297

CVSS	Base Score: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 078-1 (slrn)
Debian Security Advisory DSA 108-1 (wmtv)
Debian Security Advisory DSA 1037-1 (zgv)
Debian Security Advisory DSA 069-1 (xloadimage)
Debian Security Advisory DSA 1005-1 (xine-lib)

Take action and discover your vulnerabilities