Gentoo Logo

Xzabite dyndnsupdate: Multiple vulnerabilities


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200503-27 / dyndnsupdate
Release Date March 21, 2005
Latest Revision May 22, 2006: 02
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
net-misc/dyndnsupdate <= 0.6.15 All supported architectures

Related bugreports: #84659


Xzabite's dyndnsupdate software suffers from multiple vulnerabilities, potentially resulting in the remote execution of arbitrary code.

2.  Impact Information


dyndnsupdate is a data updater written by Fredrik "xzabite" Haglund.


Toby Dickenson discovered that dyndnsupdate suffers from multiple overflows.


A remote attacker, posing as a server, could execute arbitrary code with the rights of the user running dyndnsupdate.

3.  Resolution Information


There is no known workaround at this time.


Currently, there is no released version of dyndnsupdate that contains a fix for these issues. The original distribution site is dead, the code contains several other problems and more secure alternatives exist, such as the net-dns/ddclient package. Therefore, the dyndnsupdate package has been hard-masked prior to complete removal from Portage, and current users are advised to unmerge the package:

Code Listing 3.1: Resolution

# emerge --unmerge net-misc/dyndnsupdate

4.  References


Page updated March 21, 2005

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.