CVE-2009-1391 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2009-1391
Status UNKNOWN
Description Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
Severity Medium
CVSS score 6,8
CVSS vector (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Phase ASSIGNED (21.08.2009)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1391
References BID : 35307
CONFIRM : https://bugs.gentoo.org/show_bug.cgi?id=273141
CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=504386
FEDORA : FEDORA-2009-7680
GENTOO : GLSA-200908-07
MANDRIVA : MDVSA-2009:157
MISC : http://article.gmane.org/gmane.mail.virus.amavis.u...
MISC : http://article.gmane.org/gmane.mail.virus.amavis.u...
MISC : http://thread.gmane.org/gmane.mail.virus.amavis.us...
OSVDB : 55041
SECUNIA : 35422
SECUNIA : 35685
SECUNIA : 35689
SECUNIA : 35876
SUSE : SUSE-SR:2009:012
UBUNTU : USN-794-1
VUPEN : ADV-2009-1571
XF : perl-compressrawzlib-inflate-bo(51062)
SecurityVulns: perl DoS

test server