CVE-2007-1669
ZOO - '.ZOO' Decompression Infinite Loop Denial of Service (PoC)
Severity Score
7.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
zoo decoder versión 2.10 (zoo-2.10), tal como se utiliza en múltiples productos, incluyendo (1) Barracuda Spam Firewall versión 3.4 y posterior con virusdef anterior a la versión 2.0.6399, (2) Spam Firewall anterior a la versión 3.4 20070319 con virusdef anterior a 2.0.6399o, y (3) AmaViS versión 2.4.1 y anteriores, permite a atacantes remotos generar una denegación de servicio (bucle infinito) por medio del componente ZOO Archive con una estructura direntry que apunta hacia un archivo anterior.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-03-24 CVE Reserved
- 2007-05-04 First Exploit
- 2007-05-09 CVE Published
- 2024-03-12 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/2680 | Third Party Advisory | |
| http://www.amavis.org/security/asa-2007-2.txt | X_refsource_confirm | |
| http://www.attrition.org/pipermail/vim/2007-July/001725.html | Mailing List | |
| http://www.osvdb.org/35795 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/467646/100/0/threaded | Mailing List | |
| http://www.vupen.com/english/advisories/2007/1699 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34080 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/3851 | 2007-05-04 | |
| http://www.securityfocus.com/bid/23823 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/25122 | 2018-10-16 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/25315 | 2018-10-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Amavis Search vendor "Amavis" | Amavis Search vendor "Amavis" for product "Amavis" | <= 2.4.1 Search vendor "Amavis" for product "Amavis" and version " <= 2.4.1" | - |
Affected
| in | Barracuda Networks Search vendor "Barracuda Networks" | Barracuda Spam Firewall Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" | 3.1.17 Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" and version "3.1.17" | - |
Safe
|
| Amavis Search vendor "Amavis" | Amavis Search vendor "Amavis" for product "Amavis" | <= 2.4.1 Search vendor "Amavis" for product "Amavis" and version " <= 2.4.1" | - |
Affected
| in | Barracuda Networks Search vendor "Barracuda Networks" | Barracuda Spam Firewall Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" | 3.1.18 Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" and version "3.1.18" | - |
Safe
|
| Amavis Search vendor "Amavis" | Amavis Search vendor "Amavis" for product "Amavis" | <= 2.4.1 Search vendor "Amavis" for product "Amavis" and version " <= 2.4.1" | - |
Affected
| in | Barracuda Networks Search vendor "Barracuda Networks" | Barracuda Spam Firewall Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" | 3.3.0.54 Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" and version "3.3.0.54" | - |
Safe
|
| Amavis Search vendor "Amavis" | Amavis Search vendor "Amavis" for product "Amavis" | <= 2.4.1 Search vendor "Amavis" for product "Amavis" and version " <= 2.4.1" | - |
Affected
| in | Barracuda Networks Search vendor "Barracuda Networks" | Barracuda Spam Firewall Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" | 3.3.01.001 Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" and version "3.3.01.001" | - |
Safe
|
| Amavis Search vendor "Amavis" | Amavis Search vendor "Amavis" for product "Amavis" | <= 2.4.1 Search vendor "Amavis" for product "Amavis" and version " <= 2.4.1" | - |
Affected
| in | Barracuda Networks Search vendor "Barracuda Networks" | Barracuda Spam Firewall Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" | 3.3.3 Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" and version "3.3.3" | - |
Safe
|
| Amavis Search vendor "Amavis" | Amavis Search vendor "Amavis" for product "Amavis" | <= 2.4.1 Search vendor "Amavis" for product "Amavis" and version " <= 2.4.1" | - |
Affected
| in | Barracuda Networks Search vendor "Barracuda Networks" | Barracuda Spam Firewall Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" | 3.3.03.053 Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" and version "3.3.03.053" | - |
Safe
|
| Amavis Search vendor "Amavis" | Amavis Search vendor "Amavis" for product "Amavis" | <= 2.4.1 Search vendor "Amavis" for product "Amavis" and version " <= 2.4.1" | - |
Affected
| in | Barracuda Networks Search vendor "Barracuda Networks" | Barracuda Spam Firewall Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" | 3.3.03.055 Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" and version "3.3.03.055" | - |
Safe
|
| Amavis Search vendor "Amavis" | Amavis Search vendor "Amavis" for product "Amavis" | <= 2.4.1 Search vendor "Amavis" for product "Amavis" and version " <= 2.4.1" | - |
Affected
| in | Barracuda Networks Search vendor "Barracuda Networks" | Barracuda Spam Firewall Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" | 3.3.15.026 Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" and version "3.3.15.026" | - |
Safe
|
| Amavis Search vendor "Amavis" | Amavis Search vendor "Amavis" for product "Amavis" | <= 2.4.1 Search vendor "Amavis" for product "Amavis" and version " <= 2.4.1" | - |
Affected
| in | Barracuda Networks Search vendor "Barracuda Networks" | Barracuda Spam Firewall Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" | 3.4 Search vendor "Barracuda Networks" for product "Barracuda Spam Firewall" and version "3.4" | - |
Safe
|