|
 |
|
Sophos Anti-Virus RAR and CHM Denial of Service Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA22591
|
|
|
Release Date:
|
2006-10-30
|
|
Last Update:
|
2006-12-11
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Sophos Anti-Virus 4.x
Sophos Anti-Virus 5.x
Sophos Anti-Virus for Windows 6.x
Sophos Anti-Virus Small Business Edition
|
| | CVE reference: | CVE-2006-5645 (Secunia mirror)
CVE-2006-5646 (Secunia mirror)
CVE-2006-5647 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Some vulnerabilities have been reported in Sophos Anti-Virus, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
1) An error in the AntiVirus engine when processing RAR archives with "heap_size" and "pack_size" fields set to 0 in the Archive Header section can be exploited to make the engine enter into an infinite loop and stop scanning other files.
2) An error in the AntiVirus engine when processing CHM files with "Window_size" field set to 0 in the LZX decompression header can be exploited to cause a heap-based buffer overflow.
3) An error in the AntiVirus engine when processing CHM files with a large name length specified in the the CHM chunk header can be exploited to cause a memory corruption and may lead to execution of arbitrary code.
Please see the vendor's advisory for a list of affected versions.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Update to the latest version.
Provided and/or discovered by:
1) Titon, BastardLabs, Damian Put, and an anonymous researcher.
2, 3) Damian Put
Changelog:
2006-11-02: Added CVE reference.
2006-12-11: Updated various sections to include additional information from iDefense.
Original Advisory:
Sophos:
http://www.sophos.com/support/knowledgebase/article/7609.html
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=452
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=451
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
8 Related Secunia Security Advisories
|
|
|
1. Sophos Anti-Virus Multiple Archive Detection Bypass
|
|
2. Sophos Anti-Virus Archive Filename Script Insertion Vulnerability
|
|
3. Sophos Anti-Virus UPX and BZIP Processing Vulnerabilities
|
|
4. Sophos Anti-Virus SIT/CPIO File Processing Vulnerabilities
|
|
5. Sophos Anti-Virus Petite Plugin Denial of Service Vulnerability
|
|
6. Sophos Anti-Virus Cabinet File Processing Memory Corruption
|
|
7. Sophos Anti-Virus Visio File Parsing Buffer Overflow
|
|
8. Sophos Anti-Virus ZIP Archive Denial of Service Vulnerability
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
