Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, including the ipcheck function in dyndnsupdate.c, allow remote attackers who spoof a dyndns.org server to execute arbitrary code via unknown vectors.
Toby Dickenson is credited with the discovery of this issue.
Multiple remote buffer overflow vulnerabilities affect Xzabite's dyndnsupdate. These issues are due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit these issues to execute arbitrary code with the privileges of a user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
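An added example, not code from dyndnsupdate or from the advisory: one way to copy a field from an untrusted server reply into a fixed-size buffer with the length check that the description above says was missing. The function name `extract_ip`, the `Address: ` marker and the sample replies are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define IP_BUF_LEN 16  /* "255.255.255.255" plus the terminating NUL */

/* Hypothetical helper: find `marker` in an untrusted reply and copy the
 * dotted quad that follows it into out[out_len].
 * Returns 0 on success, -1 if the field is missing, too long or not IPv4. */
int extract_ip(const char *reply, const char *marker, char *out, size_t out_len)
{
    size_t len;
    struct in_addr addr;

    if (reply == NULL || marker == NULL || out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';

    reply = strstr(reply, marker);
    if (reply == NULL)
        return -1;
    reply += strlen(marker);

    /* Measure the field first; the server controls how long it is. */
    len = strspn(reply, "0123456789.");
    if (len == 0 || len >= out_len)   /* reject rather than truncate */
        return -1;

    memcpy(out, reply, len);          /* len < out_len, so the NUL fits */
    out[len] = '\0';

    if (inet_pton(AF_INET, out, &addr) != 1) {  /* must parse as IPv4 */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample replies, not captured from a real server. */
    const char *ok  = "<body>Current IP Address: 192.0.2.10</body>";
    const char *bad = "<body>Current IP Address: 1111111111111111111111111111</body>";
    char ip[IP_BUF_LEN];
    printf("normal reply   -> %d\n", extract_ip(ok, "Address: ", ip, sizeof ip));
    printf("oversize reply -> %d\n", extract_ip(bad, "Address: ", ip, sizeof ip));
    return 0;
}
```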
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.
Gentoo Linux has released an advisory dealing with this issue. Gentoo advises that all users should upgrade their packages by executing the following commands with superuser privileges:
emerge --unmerge net-misc/dyndnsupdate
For more information, please see the referenced Gentoo Linux advisory.