CVE-2007-1673
https://notcve.org/view.php?id=CVE-2007-1673
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. El archivo unzoo.c, tal como se utiliza en varios productos, incluyendo AMaViS versión 2.4.1 y anteriores, permite a los atacantes remotos causar una denegación de servicio (bucle infinito) por medio de un archivo ZOO con una estructura direntry que apunta hacia un archivo anterior. • http://osvdb.org/36208 http://secunia.com/advisories/25315 http://securityreason.com/securityalert/2680 http://www.amavis.org/security/asa-2007-2.txt http://www.securityfocus.com/archive/1/467646/100/0/threaded http://www.securityfocus.com/bid/23823 https://exchange.xforce.ibmcloud.com/vulnerabilities/34080 • CWE-399: Resource Management Errors •
CVE-2007-1669 – ZOO - '.ZOO' Decompression Infinite Loop Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2007-1669
zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. zoo decoder versión 2.10 (zoo-2.10), tal como se utiliza en múltiples productos, incluyendo (1) Barracuda Spam Firewall versión 3.4 y posterior con virusdef anterior a la versión 2.0.6399, (2) Spam Firewall anterior a la versión 3.4 20070319 con virusdef anterior a 2.0.6399o, y (3) AmaViS versión 2.4.1 y anteriores, permite a atacantes remotos generar una denegación de servicio (bucle infinito) por medio del componente ZOO Archive con una estructura direntry que apunta hacia un archivo anterior. • https://www.exploit-db.com/exploits/3851 http://secunia.com/advisories/25122 http://secunia.com/advisories/25315 http://securityreason.com/securityalert/2680 http://www.amavis.org/security/asa-2007-2.txt http://www.attrition.org/pipermail/vim/2007-July/001725.html http://www.osvdb.org/35795 http://www.securityfocus.com/archive/1/467646/100/0/threaded http://www.securityfocus.com/bid/23823 http://www.vupen.com/english/advisories/2007/1699 https://exchange.xforce.ibmcl •
CVE-2007-2026
https://notcve.org/view.php?id=CVE-2007-2026
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. El código regular de la expresión de gnu en el archivo 4.20 permite a atacantes dependientes del contexto provocar denegación de servicio (consumo de CPU) a través de documentos manipulados con un gran número de caracteres de avance de línea, el cual no es manejado de forma adecuada por las expresiones regulares OS/2 REXX que utilizan las wildcards, como originalmente se informo para AMaViS. • http://secunia.com/advisories/24918 http://secunia.com/advisories/25394 http://secunia.com/advisories/25544 http://secunia.com/advisories/25578 http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40foxx.lsit.ucsb.edu&forum_name=amavis-user http://www.amavis.org/security/asa-2007-3.txt http://www.gentoo.org/security/en/glsa/glsa-200704-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:114 http://www.securityfocus.com/archive/1/469520/30/ •
CVE-2002-1109
https://notcve.org/view.php?id=CVE-2002-1109
securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter. • http://marc.info/?l=amavis-announce&m=103121272122242&w=2 http://marc.info/?l=bugtraq&m=103124270321404&w=2 http://www.iss.net/security_center/static/10056.php •
CVE-1999-1512
https://notcve.org/view.php?id=CVE-1999-1512
The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field. • http://marc.info/?l=bugtraq&m=93219846414732&w=2 http://www.amavis.org/ChangeLog.txt http://www.securityfocus.com/bid/527 https://exchange.xforce.ibmcloud.com/vulnerabilities/2349 •