BID:23694

MyDNS Multiple Remote Dynamic DNS Update Vulnerabilities

Info

MyDNS Multiple Remote Dynamic DNS Update Vulnerabilities

Bugtraq ID:	23694
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Apr 27 2007 12:00AM
Updated:	Dec 18 2007 08:06PM
Credit:	mu-b <[email protected]> is credited with discovering these issues.
Vulnerable:	MyDNS MyDNS 1.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0

Not Vulnerable:

Discussion

MyDNS Multiple Remote Dynamic DNS Update Vulnerabilities

MyDNS is prone to two remote denial-of-service vulnerabilities that stem from flaws in MyDNS's dynamic DNS update feature.

Successfully exploiting these issues allows remote attackers to crash affected applications, denying service to legitimate users. Given the nature of one of the issues, remote code-execution may also be possible, but this has not been confirmed.

MyDNS 1.1.0 is vulnerable to these issues; other versions may also be affected.

Exploit / POC

MyDNS Multiple Remote Dynamic DNS Update Vulnerabilities

The following exploit is available for one of the issues:

/data/vulnerabilities/exploits/mydns-rr-smash.c

Solution / Fix

MyDNS Multiple Remote Dynamic DNS Update Vulnerabilities

Solution:
Debian has released updates to address these issues. Please see the references for more information.

References

MyDNS Multiple Remote Dynamic DNS Update Vulnerabilities

References:

[Full-disclosure] mydns-1.1.0 remote heap overflow (mu-b )
MyDNS Homepage (MyDNS)