cvelistv5 - cve-2007-1669

CVE-2007-1669 (GCVE-0-2007-1669)

Vulnerability from cvelistv5

Published

2007-05-09 00:00

Modified

2024-08-07 13:06

Severity ?

CWE

Summary

zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

References

URL

Tags

	http://www.amavis.org/security/asa-2007-2.txt	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/34080	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2007/1699	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/bid/23823	vdb-entry, x_refsource_BID
	http://www.attrition.org/pipermail/vim/2007-July/001725.html	mailing-list, x_refsource_VIM
	http://secunia.com/advisories/25315	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/467646/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/25122	third-party-advisory, x_refsource_SECUNIA
	http://securityreason.com/securityalert/2680	third-party-advisory, x_refsource_SREASON
	http://www.osvdb.org/35795	vdb-entry, x_refsource_OSVDB

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:06:25.797Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.amavis.org/security/asa-2007-2.txt"
          },
          {
            "name": "multiple-vendor-zoo-dos(34080)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
          },
          {
            "name": "ADV-2007-1699",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1699"
          },
          {
            "name": "23823",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23823"
          },
          {
            "name": "20070724 zoo - amavis - barracuda cross-ref problems",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2007-July/001725.html"
          },
          {
            "name": "25315",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25315"
          },
          {
            "name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
          },
          {
            "name": "25122",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25122"
          },
          {
            "name": "2680",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2680"
          },
          {
            "name": "35795",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/35795"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.amavis.org/security/asa-2007-2.txt"
        },
        {
          "name": "multiple-vendor-zoo-dos(34080)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
        },
        {
          "name": "ADV-2007-1699",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1699"
        },
        {
          "name": "23823",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23823"
        },
        {
          "name": "20070724 zoo - amavis - barracuda cross-ref problems",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2007-July/001725.html"
        },
        {
          "name": "25315",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25315"
        },
        {
          "name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
        },
        {
          "name": "25122",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25122"
        },
        {
          "name": "2680",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2680"
        },
        {
          "name": "35795",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/35795"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1669",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.amavis.org/security/asa-2007-2.txt",
              "refsource": "CONFIRM",
              "url": "http://www.amavis.org/security/asa-2007-2.txt"
            },
            {
              "name": "multiple-vendor-zoo-dos(34080)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
            },
            {
              "name": "ADV-2007-1699",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1699"
            },
            {
              "name": "23823",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23823"
            },
            {
              "name": "20070724 zoo - amavis - barracuda cross-ref problems",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2007-July/001725.html"
            },
            {
              "name": "25315",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25315"
            },
            {
              "name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
            },
            {
              "name": "25122",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25122"
            },
            {
              "name": "2680",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2680"
            },
            {
              "name": "35795",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/35795"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1669",
    "datePublished": "2007-05-09T00:00:00.000Z",
    "dateReserved": "2007-03-24T00:00:00.000Z",
    "dateUpdated": "2024-08-07T13:06:25.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2007-AVI-212

Vulnerability from certfr_avis

Une vulnérabilité dans la gestion des archives au format zoo permet à un utilisateur malveillant de réaliser un déni de service à distance.

Description

Une vulnérabilité dans la gestion des archives au format zoo peut conduire à une boucle infinie et la consommation de toute la ressource processeur. Elle permet à un utilisateur malveillant de réaliser un déni de service à distance.

Solution

Se référer au bulletin de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).

Pour Avast!, migrer en version 4.7.981 ou ultérieure.

Pour Avira, migrer la bibliothèque avpack32.dll en version 7.3.0.6. La société annonce avoir corrigé la vulnérabilité de 22 mars 2007.

Pour Barracuda, migrer en firmware 3.4 ou ultérieur et en version de définition de virus 2.0.6399 ou ultérieure.

Pour Panda, la société annonce que la mise à jour corrigeant la vulnérabilité est automatique. Le correctif date du 02 avril 2007.

None

Impacted products

Vendor	Product	Description
N/A	N/A	Avira Antivir ;
Cisco	Small Business	Panda Antivirus Platinum 6.x et 7.x, Titanium, Entreprise Suite et Small Business Edition.
Cisco	N/A	Avast! home/professionnal 4.x ;
N/A	N/A	Barracuda Spam Firewall ;

References

Title

Publication Time

Tags

Bulletin de version Avast du 30 avril 2007 :	-	other
Bulletin de sécurité Barracuda du 04 mai 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Avira Antivir ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Panda Antivirus Platinum 6.x et 7.x, Titanium, Entreprise Suite et Small Business Edition.",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Avast! home/professionnal 4.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Barracuda Spam Firewall ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans la gestion des archives au format zoo peut\nconduire \u00e0 une boucle infinie et la consommation de toute la ressource\nprocesseur. Elle permet \u00e0 un utilisateur malveillant de r\u00e9aliser un d\u00e9ni\nde service \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nPour Avast!, migrer en version 4.7.981 ou ult\u00e9rieure.\n\nPour Avira, migrer la biblioth\u00e8que avpack32.dll en version 7.3.0.6. La\nsoci\u00e9t\u00e9 annonce avoir corrig\u00e9 la vuln\u00e9rabilit\u00e9 de 22 mars 2007.\n\nPour Barracuda, migrer en firmware 3.4 ou ult\u00e9rieur et en version de\nd\u00e9finition de virus 2.0.6399 ou ult\u00e9rieure.\n\nPour Panda, la soci\u00e9t\u00e9 annonce que la mise \u00e0 jour corrigeant la\nvuln\u00e9rabilit\u00e9 est automatique. Le correctif date du 02 avril 2007.\n",
  "cves": [
    {
      "name": "CVE-2007-1671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1671"
    },
    {
      "name": "CVE-2007-1672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1672"
    },
    {
      "name": "CVE-2007-1669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1669"
    },
    {
      "name": "CVE-2007-1670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1670"
    }
  ],
  "initial_release_date": "2007-05-09T00:00:00",
  "last_revision_date": "2007-05-09T00:00:00",
  "links": [
    {
      "title": "Bulletin de version Avast du 30    avril 2007 :",
      "url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Barracuda    du 04 mai 2007 :",
      "url": "http://www.barracudanetworks.com/ns/resources/tech_alert.php"
    }
  ],
  "reference": "CERTA-2007-AVI-212",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-05-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans la gestion des archives au format zoo permet \u00e0 un\nutilisateur malveillant de r\u00e9aliser un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de plusieurs produits de s\u00e9curit\u00e9",
  "vendor_advisories": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-1669 (GCVE-0-2007-1669)

Vulnerability from cvelistv5

CERTA-2007-AVI-212

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature