Zero-day vulnerability in Compress::Raw::Zlib

The vulnerability was exploited in the wild against AMaViS and SpamAssassin using email messages with malicious attachments.

Advisory: SB2009061301 - Remote code execution in Compress::Raw::Zlib Perl module

Vulnerable component: Compress::Raw::Zlib

CVE-ID: CVE-2009-1391

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-193 - Off-by-one Error

Description:

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to off-by-one error in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017 when processing specially crafted zlib archives. A remote attacker can pass a specially crafted zlib archive to vulnerable application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation may allow an attacker to compromise vulnerable system.

Note: this vulnerability is being actively exploited in the wild against AMaViS and SpamAssassin, which use vulnerable Perl module.

- Compress::Raw::Zlib Perl Module - Remote Code Execution [Exploit-DB]

External links:

https://home.mcafee.com/virusinfo/virusprofile.aspx?key=160105#none
https://bugzilla.redhat.com/show_bug.cgi?id=504386
http://code.activestate.com/lists/activeperl/%3c00e401ca276c$9deaea50$d9c0bef0$@com%3e/