Secunia Security Advisory - A vulnerability has been reported in Sophos Anti-Virus, which can be exploited by malicious people to cause a DoS (Denial of Service).
6506efd2a3943845c2b1adfe5fa08141dacbe25326aefda13b0c788bba7cd0ec
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Sophos Anti-Virus ZIP Archive Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA16082
VERIFY ADVISORY:
http://secunia.com/advisories/16082/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
SOFTWARE:
Sophos MailMonitor 2.x
http://secunia.com/product/165/
Sophos Anti-Virus 5.x
http://secunia.com/product/5390/
Sophos Anti-Virus 4.x
http://secunia.com/product/5391/
Sophos Anti-Virus 3.x
http://secunia.com/product/164/
Sophos PureMessage 4.x
http://secunia.com/product/3876/
DESCRIPTION:
A vulnerability has been reported in Sophos Anti-Virus, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to missing validation checks on the
"Extra field length" value when scanning a ZIP archive compressed
using the BZIP2 algorithm. This can be exploited to cause an infinite
loop that consumes large amount of CPU resources via a malicious ZIP
file with an extra field length value of "0xFFFF".
Successful exploitation prevents further scanning, but requires the
non-default "Scan inside archive files" setting to be enabled.
The vulnerability has been reported in versions 3.91, 3.90, and
5.0.1. Other versions may also be affected.
SOLUTION:
Update to latest versions using automatic update.
The problem has reportedly been fixed in the following versions:
* Version 3.95.0 of Sophos Anti-Virus (all platforms)
* Version 5.0.4 of Sophos Anti-Virus (Windows 2000/XP/2003)
* Version 4.5.3 of Sophos Anti-Virus (Windows NT and Windows
95/98/Me)
* Latest updated versions of PureMessage for UNIX, Windows/Exchange
and MailMonitor.
PROVIDED AND/OR DISCOVERED BY:
Discovered by anonymous person and reported via iDEFENSE.
ORIGINAL ADVISORY:
iDEFENSE:
http://www.idefense.com/application/poi/display?id=283&type=vulnerabilities
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed