No-IP has released an updated version of the Linux Dynamic Update Client (DUC). A potential vulnerability for buffer overflow has been discovered in the current Linux version of the client. The buffer overflow vulnerability can possibly be exploited to compromise a user’s computer for the execution of arbitrary code. Older versions of the Linux client are affected too. This vulnerability can be exploited if attacker tricks a user to connect to a fake update No-IP dynamic update server.
No-IP recommends all users running the older version of the Linux DUC 2.1.1 through 2.1.8 to upgrade to the 2.1.9 version and re-run the configuration wizard. This is done by invoking “noip2 -C” at the prompt.
The newest version is available on our website or by following this link.