Sophos Antivirus for Linux vulnerability

2009.08.06
Credit: iViZ
Risk: High
Local: No
Remote: Yes


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

----------------------------------------------------------------------- [ iViZ Security Advisory 08-015 10/12/2008 ] ----------------------------------------------------------------------- iViZ Techno Solutions Pvt. Ltd. http://www.ivizsecurity.com ----------------------------------------------------------------------- * Title: Sophos Antivirus for Linux vulnerability * Date: 10/12/2008 * Software: Sophos SAVScan 4.33.0 for Linux --[ Synopsis: Sophos Antivirus deterministically crashes (segmentation fault) when analyzing corrupted packed files for multiple packers : armadillo, asprotect, asprotectSKE. The same behavior has also been observed when analyzing corrupted CAB files. --[ Affected Software: * Sophos SAVScan 4.33.0 for Linux, possibly others --[ Impact: Remote DoS, possibly remote code execution. --[ Vendor response: * Vendor acknowledged the problems and will "fix the issues" in the next release. --[ Credits: This vulnerability was discovered by Security Researcher Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd. --[ Disclosure timeline: --[ Reference: http://www.ivizsecurity.com/security-advisory.html

References:

http://www.sophos.com/support/knowledgebase/article/50611.html
http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html
http://marc.info/?l=bugtraq&m=122893252316489&w=2


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top