CVE-2007-2362 – MyDNS 1.1.0 - Remote Heap Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-2362
Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c. Múltibles desbordamientos de búfer en MyDNS 1.1.0 permiten a atacantes remotos (1) provocar una denegación de servicio (caída del demonio) y posiblemente ejecutar código de su elección mediante una determinada actualización, la cual dispara un desbordamiento de búfer basado en montón en update.c; y (2) provocar una denegación de servicio (caída del demonio) mediante vectores no especificados que disparan un desbordamiento de búfer basado en pila por error de superación de límite (off-by-one) en update.c • https://www.exploit-db.com/exploits/3807 http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/054024.html http://osvdb.org/35438 http://osvdb.org/35439 http://secunia.com/advisories/25007 http://secunia.com/advisories/28086 http://securityreason.com/securityalert/2658 http://www.debian.org/security/2007/dsa-1434 http://www.digit-labs.org/files/exploits/mydns-rr-smash.c http://www.digit-labs.org/files/patches/mydns-update.c.diff http://www.securityfocus.c •
CVE-2006-2075
https://notcve.org/view.php?id=CVE-2006-2075
Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to cause a denial of service via a crafted DNS message, aka "Query-of-death," as demonstrated by the OUSPG PROTOS DNS test suite. • http://securitytracker.com/id?1015990 http://www.kb.cert.org/vuls/id/955777 http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en http://www.vupen.com/english/advisories/2006/1505 https://exchange.xforce.ibmcloud.com/vulnerabilities/26081 •