CVE-2007-2362

MyDNS 1.1.0 - Remote Buffer Overflow in update.c

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2362. PoCs published by mu-b.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in myDNS <= 1.1.0 via a malformed DNS update query. It crafts a UDP packet with a large NOP sled to trigger the overflow, potentially leading to remote code execution.

Description

Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mu-b · cdoslinux

https://www.exploit-db.com/exploits/3807

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in myDNS <= 1.1.0 via a malformed DNS update query. It crafts a UDP packet with a large NOP sled to trigger the overflow, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: myDNS <= 1.1.0

No auth needed

Prerequisites: Network access to the target's DNS port (53/UDP) · Target running vulnerable myDNS version

MITRE ATT&CK