[VIM] zoo - amavis - barracuda cross-ref problems

security curmudgeon jericho at attrition.org
Tue Jul 24 14:56:45 UTC 2007


http://www.amavis.org/security/asa-2007-2.txt
o zoo-2.10 - CVE-2007-1669:
   A patch for version 2.10 is provided in section VII of the original
   zoo advisory.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1669
Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, and 
Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, allows 
remote attackers to cause a denial of service (infinite loop) via a ZOO 
archive with a direntry structure that points to a previous file.

http://secunia.com/advisories/25315/
Amavis Zoo Denial of Service Vulnerability
CVE reference:		CVE-2007-1669



So the Amavis and Secunia advisory both ref the same CVE specifying 'Zoo', 
but CVE is more specific saying Barracuda and not wording it to mention 
Zoo as the underlying problem.


More information about the VIM mailing list