Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200411-20
HistoryNov 11, 2004 - 12:00 a.m.

ez-ipupdate: Format string vulnerability

2004-11-1100:00:00
Gentoo Foundation
security.gentoo.org
9

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.006

Percentile

77.9%

JSON

Background

ez-ipupdate is a utility for updating host name information for a large number of dynamic DNS services.

Description

Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in ez-ipupdate.

Impact

An attacker could exploit this to execute arbitrary code with the permissions of the user running ez-ipupdate, which could be the root user.

Workaround

There is no known workaround at this time.

Resolution

All ez-ipupdate users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-dns/ez-ipupdate-3.0.11_beta8-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-dns/ez-ipupdate<= 3.0.11_beta8UNKNOWN

Related

nessus 5
openvas 6
osv 1
debian 2
freebsd 1
cvelist 1
nvd 1
securityvulns 2
cve 1
debiancve 1
ubuntucve 1
nessus
nessus
Mandrake Linux Security Advisory : ez-ipupdate (MDKSA-2004:129)
2004-11-13 00:00:00
GLSA-200411-20 : ez-ipupdate: Format string vulnerability
2004-11-13 00:00:00
FreeBSD : ez-ipupdate -- format string vulnerability (44)
2004-11-23 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200411-20 (ez-ipupdate)
2008-09-24 00:00:00
Debian Security Advisory DSA 592-1 (ez-ipupdate)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200411-20 (ez-ipupdate)
2008-09-24 00:00:00
osv
osv
ez-ipupdate - format string
2004-11-12 00:00:00
debian
debian
[SECURITY] [DSA 592-1] New ez-ipupdate packages fix format string vulnerability
2004-11-12 07:56:40
[SECURITY] [DSA 592-1] New ez-ipupdate packages fix format string vulnerability
2004-11-12 07:56:40
freebsd
freebsd
ez-ipupdate -- format string vulnerability
2004-11-11 00:00:00
cvelist
cvelist
CVE-2004-0980
2004-11-19 05:00:00
nvd
nvd
CVE-2004-0980
2005-02-09 05:00:00
securityvulns
securityvulns
[Full-Disclosure] MDKSA-2004:129 - Updated ez-ipupdate packages fix format string vulnerability
2004-11-11 00:00:00
[Full-Disclosure] ez-ipupdate format string bug
2004-11-11 00:00:00
cve
cve
CVE-2004-0980
2005-02-09 05:00:00
debiancve
debiancve
CVE-2004-0980
2005-02-09 05:00:00
ubuntucve
ubuntucve
CVE-2004-0980
2005-02-09 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.006

Percentile

77.9%

JSON
Related for GLSA-200411-20
nessus5openvas6osv1debian2freebsd1cvelist1nvd1securityvulns2cve1debiancve1ubuntucve1