Description
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
Affected products
- amavis / amavis 2.4.1
- Avast / AVAST Antivirus 4.7.700 – 4.7.700
- Avast / AVAST Antivirus 4.6.394 – 4.6.394
- Avast / AVAST Antivirus 4.7.652 – 4.7.652
- Avast / AVAST Antivirus 4.7.980
- Avast / avast_antivirus_home 4.6.665 – 4.6.665
- Avast / avast_antivirus_home 4.6.691 – 4.6.691
- Avast / avast_antivirus_home 4.7.827 – 4.7.827
- Avast / avast_antivirus_home 4.7.844 – 4.7.844
- Avast / avast_antivirus_home 4.7.869 – 4.7.869
- Avast / avast_antivirus_home 4.7.1043 – 4.7.1043
- Avast / avast_antivirus_home 4.7.1098 – 4.7.1098
- Avast / avast_antivirus_home 4.0 – 4.0
- Avast / avast_antivirus_home 4.6 – 4.6
- Avast / avast_antivirus_home 4.6.652 – 4.6.652
- Avast / avast_antivirus_home 4.6.655 – 4.6.655
- Avast / avast_antivirus_professional 4.6 – 4.6
- Avast / avast_antivirus_professional 4.0 – 4.0
- Avast / avast_antivirus_professional 4.6.603 – 4.6.603
- Avast / avast_antivirus_professional 4.6.652 – 4.6.652
- Avast / avast_antivirus_professional 4.6.665 – 4.6.665
- Avast / avast_antivirus_professional 4.6.691 – 4.6.691
- Avast / avast_antivirus_professional 4.7.827 – 4.7.827
- Avast / avast_antivirus_professional 4.7.844 – 4.7.844
- Avast / avast_antivirus_professional 4.7.869 – 4.7.869
- Avast / avast_antivirus_professional 4.7.1043 – 4.7.1043
- Avast / avast_antivirus_professional 4.7.1098 – 4.7.1098
- Avira / antivir
- Avira / antivir 6.35.00.00 – 6.35.00.00
- Avira / antivir 7.04.00.23 – 7.04.00.23
- Avira / antivir_personal
- Avira / antivir_personal 7 – 7
- Barracuda Networks / barracuda_spam_firewall model_900 – model_900
- Barracuda Networks / barracuda_spam_firewall model_200 – model_200
- Barracuda Networks / barracuda_spam_firewall model_300 – model_300
- Barracuda Networks / barracuda_spam_firewall model_400 – model_400
- Barracuda Networks / barracuda_spam_firewall model_500 – model_500
- Barracuda Networks / barracuda_spam_firewall model_600 – model_600
- Barracuda Networks / barracuda_spam_firewall model_800 – model_800
- Barracuda Networks / barracuda_spam_firewall
- Barracuda Networks / barracuda_spam_firewall model_100 – model_100
- panda / panda_antivirus 2007 – 2007
- panda / panda_antivirus_and_firewall 2007 – 2007
- picozip / picozip
- rahul_dhesi / zoo 2.10
- unzoo / unzoo 4.4 – 4.4
- winace / winace
References
- MISC: http://www.amavis.org/security/asa-2007-2.txt
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/34080
- MISC: http://osvdb.org/36208
- MISC: http://www.securityfocus.com/bid/23823
- VENDOR_ADVISORY: http://secunia.com/advisories/25315
- MISC: http://www.securityfocus.com/archive/1/467646/100/0/threaded
- MISC: http://securityreason.com/securityalert/2680