[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2006-0855

Date: (C)2006-02-23   (M)2017-07-21 


Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected.

CVSS Score: 5.1Access Vector: NETWORK
Exploit Score: 4.9Access Complexity: HIGH
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
SECTRACK-1015668
SECTRACK-1015866
BID-16790
SECUNIA-19002
SECUNIA-19130
SECUNIA-19148
SECUNIA-19166
SECUNIA-19408
SECUNIA-19514
http://www.securityfocus.com/archive/1/archive/1/425887/100/0/threaded
http://archives.neohapsis.com/archives/bugtraq/2006-04/0061.html
SREASON-546
ADV-2006-0705
ADV-2006-1220
DSA-991
GLSA-200603-05
SUSE-SR:2006:005
SUSE-SR:2006:006
http://www.guay-leroux.com/projects/barracuda-advisory-ZOO.txt
http://www.guay-leroux.com/projects/zoo-advisory.txt
zoo-misc-bo(24904)

CWE    1
CWE-119

© 2013 SecPod Technologies