blob: 3ae24aaa8da4844a48d1688f3c825e9acdf9525c [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200503-27">
<title>Xzabite dyndnsupdate: Multiple vulnerabilities</title>
Xzabite's dyndnsupdate software suffers from multiple vulnerabilities,
potentially resulting in the remote execution of arbitrary code.
<product type="ebuild">dyndnsupdate</product>
<announced>March 21, 2005</announced>
<revised>May 22, 2006: 02</revised>
<package name="net-misc/dyndnsupdate" auto="yes" arch="*">
<vulnerable range="le">0.6.15</vulnerable>
dyndnsupdate is a data updater written by Fredrik "xzabite"
Toby Dickenson discovered that dyndnsupdate suffers from multiple
<impact type="normal">
A remote attacker, posing as a server, could execute
arbitrary code with the rights of the user running dyndnsupdate.
There is no known workaround at this time.
Currently, there is no released version of dyndnsupdate that contains a
fix for these issues. The original distribution site is
dead, the code contains several other problems and more secure
alternatives exist, such as the net-dns/ddclient package. Therefore,
the dyndnsupdate package has been hard-masked prior to complete removal
from Portage, and current users are advised to unmerge the package:
# emerge --unmerge net-misc/dyndnsupdate</code>
<uri link="">CVE-2005-0830</uri>
<metadata tag="submitter" timestamp="Mon, 21 Mar 2005 09:32:52 +0000">
<metadata tag="bugReady" timestamp="Mon, 21 Mar 2005 14:30:08 +0000">