81 matches found
CVE-2022-41352
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...
CVE-2022-41352
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...
Design/Logic Flaw
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...
CVE-2022-41352
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...
CVE-2022-41352
CVE-2022-41352 affects Zimbra Collaboration (ZCS) 8.8.15 and 9.0. The issue arises from an amavis/cpio handling path traversal that can cause arbitrary file writes to /opt/zimbra/jetty/webapps/zimbra/public, enabling unauthorized access to other user accounts. Public details confirm the root caus...
CVE-2022-41352
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...
CVE-2022-41352
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...
openSUSE Security Update : amavisd-new (openSUSE-2019-297)
This update for amavisd-new fixes the following issues : Security issue fixed : - CVE-2016-1238: Workedaround a perl vulnerability by removing a trailing dot element from @INCbsc987887. Other issues addressed : - update to version 2.11.1 bsc1123389. - amavis-services: bumping up syslog level from...
SUSE SLED15 / SLES15 Security Update : amavisd-new (SUSE-SU-2019:0505-1)
This update for amavisd-new fixes the following issues : wmavisd-new was updated to version 2.11.1 bsc1123389 : removed a trailing dot element from @INC, as a workaround for a perl vulnerability CVE-2016-1238 bsc987887 amavis-services: bumping up syslog level from LOGNOTICE to LOGERR for a messag...
SUSE SLES11 Security Update : clamav (SUSE-SU-2017:1763-1)
This update for clamav fixes the following issues: Security issue fixed : - CVE-2012-6706: Fixed an arbitrary memory write in VMSFDELTA filter in libclamunrar bsc1045490 Non security issue fixed : - Fix permissions of /var/spool/amavis. bsc815106 Note that Tenable Network Security has extracted t...
CVE-2007-2026
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...
Amavis 0.1.6 Header Parsing Mail Relaying Weakness
No description provided by source. source: http://www.securityfocus.com/bid/7306/info It has been reported that some versions of Amavis-ng do not properly interact with Postfix. Because of this, an attacker may be able to circumvent relay restrictions. telnet somemx.domain.tld 25 220...
Mandriva Security Advisory MDVSA-2009:157-1 (perl-Compress-Raw-Zlib)
The remote host is missing an update to perl-Compress-Raw-Zlib announced via advisory MDVSA-2009:157-1. OpenVAS Vulnerability Test $Id: mdksa20091571.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:157-1 perl-Compress-Raw-Zlib Authors: Thomas Reinke...
SuSE9 Security Update : perl-Archive-Zip (YOU Patch Number 9462)
Mail virus scanners like amavis use perl-Archive-Zip to scan ZIP archives. A bug in the handling of files with manipulated size entires has been fixed that could leave malicious code in such files undetected. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin...
GLSA-200908-07 : Perl Compress::Raw modules: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200908-07 Perl Compress::Raw modules: Denial of Service Leo Bergolth reported an off-by-one error in the inflate function in Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer overflow CVE-2009-1391. Paul...
Mandriva Linux Security Advisory : perl-Compress-Raw-Zlib (MDVSA-2009:157-1)
A vulnerability has been found and corrected in perl-Compress-Raw-Zlib : Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of servi...
Heap overflow
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service hang or crash via a crafted zlib compressed stream that triggers a...
DEBIAN-CVE-2009-1391
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service hang or crash via a crafted zlib compressed stream that triggers a...
CVE-2009-1391
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service hang or crash via a crafted zlib compressed stream that triggers a...
CVE-2009-1391
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service hang or crash via a crafted zlib compressed stream that triggers a...