CVE-2006-0855

Name	CVE-2006-0855
Description	Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-991-1
Debian Bugs	354461

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
zoo (PTS)	jessie	2.10-27	fixed
	stretch	2.10-28	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
zoo	source	woody	2.10-9woody0		DSA-991-1
zoo	source	sarge	2.10-11sarge0		DSA-991-1
zoo	source	(unstable)	2.10-17			354461