[VIM] zoo - amavis - barracuda cross-ref problems
security curmudgeon
jericho at attrition.org
Tue Jul 24 14:56:45 UTC 2007
http://www.amavis.org/security/asa-2007-2.txt
o zoo-2.10 - CVE-2007-1669:
A patch for version 2.10 is provided in section VII of the original
zoo advisory.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1669
Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, and
Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, allows
remote attackers to cause a denial of service (infinite loop) via a ZOO
archive with a direntry structure that points to a previous file.
http://secunia.com/advisories/25315/
Amavis Zoo Denial of Service Vulnerability
CVE reference: CVE-2007-1669
So the Amavis and Secunia advisory both ref the same CVE specifying 'Zoo',
but CVE is more specific saying Barracuda and not wording it to mention
Zoo as the underlying problem.
More information about the VIM
mailing list