Vulnerability CVE-2007-1669


Published: 2007-05-08   Modified: 2012-02-12

Description:
zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

See advisories in our WLB2 database:
Med.
Topic: Multiple vendors ZOO file decompression infinite loop DoS
Author: Jean-Sebastien G...
Date: 12.05.2007

Type: CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Affected software:
Amavis -> Amavis

References:
http://securityreason.com/securityalert/2680
http://www.amavis.org/security/asa-2007-2.txt
http://www.attrition.org/pipermail/vim/2007-July/001725.html
http://www.securityfocus.com/archive/1/467646/100/0/threaded
http://www.securityfocus.com/bid/23823
http://www.vupen.com/english/advisories/2007/1699
https://exchange.xforce.ibmcloud.com/vulnerabilities/34080
