No-IP has released an updated version of the Linux Dynamic Update Client (DUC). A potential vulnerability for buffer overflow has been discovered in the current Linux version of the client. The buffer overflow vulnerability can possibly be exploited to compromise a user’s computer for the execution of arbitrary code. Older versions of the Linux client are affected too. This vulnerability can be exploited if attacker tricks a user to connect to a fake update No-IP dynamic update server.
No-IP recommends all users running the older version of the Linux DUC 2.1.1 through 2.1.8 to upgrade to the 2.1.9 version and re-run the configuration wizard. This is done by invoking “noip2 -C” at the prompt.
The newest version is available on our website or by following this link.
Thanks for this great service! I have made a tutorial on how to install no-ip duc client from source on debian based systems: http://ubuntu-for-humans.blogspot.com/2010/02/install-no-ip-client-from-source-on.html