CVE-2006-0855

NameCVE-2006-0855
DescriptionStack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-991-1
NVD severitymedium (attack range: remote)
Debian Bugs354461

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
zoo (PTS)wheezy, jessie2.10-27fixed
buster, sid, stretch2.10-28fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
zoosource(unstable)2.10-17medium354461
zoosourcesarge2.10-11sarge0mediumDSA-991-1
zoosourcewoody2.10-9woody0mediumDSA-991-1

Search for package or bug name: Reporting problems