CVE-2008-5297

Name of the Vulnerable Software and Affected Versions No-IP DUC version 2.1.7 and earlier

Description The issue is related to a buffer overflow that allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request. This is due to a missing length check in the GetNextLine function. Additionally, there are multiple vulnerabilities in the No-IP package that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely.

Recommendations For No-IP DUC version 2.1.7 and earlier, consider disabling the GetNextLine function as a temporary workaround until a patch is available. Restrict access to the No-IP package to minimize the risk of exploitation. Avoid using the No-IP package for DNS updates until the issue is resolved.