[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-1391

Date: (C)2009-06-16   (M)2017-11-18 


Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.

CVSS Score: 6.8Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
BID-35307
SECUNIA-35422
SECUNIA-35685
SECUNIA-35689
SECUNIA-35876
OSVDB-55041
ADV-2009-1571
FEDORA-2009-7680
GLSA-200908-07
MDVSA-2009:157
SUSE-SR:2009:012
USN-794-1
http://article.gmane.org/gmane.mail.virus.amavis.user/33635
http://article.gmane.org/gmane.mail.virus.amavis.user/33638
http://thread.gmane.org/gmane.mail.virus.amavis.user/33635
https://bugs.gentoo.org/show_bug.cgi?id=273141
https://bugzilla.redhat.com/show_bug.cgi?id=504386
perl-compressrawzlib-inflate-bo(51062)

CWE    1
CWE-189
OVAL    7
oval:org.secpod.oval:def:300677
oval:org.secpod.oval:def:300909
oval:org.secpod.oval:def:102197
oval:org.secpod.oval:def:101978
...

© 2013 SecPod Technologies