Sophos Anti-Virus UPX and BZIP Multiple Remote Vulnerabilities
BID:25428
Info
| Bugtraq ID: | 25428 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2007-4578 CVE-2007-4577 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 23 2007 12:00AM |
| Updated: | Jul 05 2016 09:38PM |
| Credit: | Sergio 'shadown' Alvarez is credited with discovering these issues. |
| Vulnerable: | Sophos Antivirus for Linux 4.03; Sophos Anti-Virus Small Business Edition 4.05; Sophos Anti-Virus Small Business Edition 4.04; Sophos Anti-virus Scanning Engine 2.40.2; Sophos Anti-virus Scanning Engine 0; Sophos Anti-Virus for Linux (on-access) 5.0.9; Sophos Anti-Virus Engine 2.30.4; Sophos Anti-Virus 6.5; Sophos Anti-Virus 5.2.1; Sophos Anti-Virus 5.2; Sophos Anti-Virus 5.0.4; Sophos Anti-Virus 5.0.2; Sophos Anti-Virus 5.0.1; Sophos Anti-Virus 4.7.2; Sophos Anti-Virus 4.7.1; Sophos Anti-Virus 4.5.12; Sophos Anti-Virus 4.5.11; Sophos Anti-Virus 4.5.4; Sophos Anti-Virus 4.5.3; Sophos Anti-Virus 3.96 .0; Sophos Anti-Virus 3.95; Sophos Anti-Virus 3.91; Sophos Anti-Virus 3.90; Sophos Anti-Virus 3.86; Sophos Anti-Virus 3.85; Sophos Anti-Virus 3.84; Sophos Anti-Virus 3.83; Sophos Anti-Virus 3.82; Sophos Anti-Virus 3.81; Sophos Anti-Virus 3.80; Sophos Anti-Virus 3.79; Sophos Anti-Virus 3.78 d; Sophos Anti-Virus 3.78; Sophos Anti-Virus 3.4.6; Sophos Anti-Virus 6.0; Sophos Anti-Virus 5.1; Sophos Anti-Virus 4.05; Sophos Anti-Virus 4.04 |
| Not Vulnerable: | |
Discussion
Sophos Anti-Virus is prone to multiple remote vulnerabilities, including a remote code-execution issue and a denial-of-service issue.
A remote attacker can exploit these issues to execute arbitrary code within the context of the affected application or to crash the application, denying service to legitimate users. Successful exploits may also crash the antivirus engine or exhaust disk space on affected computers.
These issues affect Sophos applications using versions of the antivirus engine prior to 2.48.0.
Exploit / POC
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor released fixes to address these issues. Please contact the vendor for information on how to obtain and apply these fixes.
References
References:
- Sophos Homepage (Sophos)
- n.runs, Sophos, German laws, and customer safety ([email protected])
- n.runs-SA-2007.026 - Sophos Antivirus BZip parsing Infinite Loop Advisory ([email protected])
- n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Adviso ([email protected])
- Re: [Full-disclosure] n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrar (Jan Münther)
- Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Ad (Sergio Alvarez)
- Re: n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Ad ([email protected])
- Advisory: Sophos Anti-Virus vulnerabilities reported by n.runs (Sophos)