|
Sophos Anti-Virus Multiple Archive Detection Bypass
|
|
|
|
|
Secunia Advisory:
|
SA26726
|
|
|
Release Date:
|
2007-09-07
|
|
Last Update:
|
2007-09-11
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Sophos Anti-Virus 3.x
Sophos Anti-Virus 4.x
Sophos Anti-Virus 5.x
Sophos Anti-Virus 7.x
Sophos Anti-Virus for Windows 6.x
Sophos Anti-Virus Small Business Edition
Sophos Anti-Virus Small Business Edition 2.x
Sophos Endpoint Security and Control 7
Sophos Enterprise Manager (EM Library) 1.x
Sophos MailMonitor for Notes/Domino
Sophos MailMonitor for SMTP
Sophos PureMessage for UNIX 4.x
Sophos PureMessage for UNIX 5.x
Sophos PureMessage for Windows/Exchange 2.x
Sophos PureMessage Small Business Edition 2.x
|
| | CVE reference: | CVE-2007-4787 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Some vulnerabilities have been reported in Sophos Anti-Virus, which can be exploited by malware to bypass the scanning functionality.
The vulnerabilities are caused due to errors in the handling of CAB, LZH and RAR archives with malformed file headers. These can be exploited to bypass the anti-virus scanning functionality via a specially crafted CAB, LZH, or RAR file.
The vulnerabilities are reported in all versions of Sophos Anti-Virus with engine versions prior to 2.49.0.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Update to engine version 2.49.0.
Provided and/or discovered by:
The vendor credits Thierry Zoller, n.runs AG.
Changelog:
2007-09-11: Added CVE reference.
Original Advisory:
http://www.sophos.com/support/knowledgebase/article/29146.html
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
14 Related Secunia Security Advisories, displaying 10
|
|
|
1. Sophos Products Zero-byte MIME Attachments Denial of Service
|
|
2. Sophos Anti-Virus "NtCreateKey()" Hooked Function Denial of Service
|
|
3. Sophos Anti-Virus Archive Filename Script Insertion Vulnerability
|
|
4. Sophos Anti-Virus UPX and BZIP Processing Vulnerabilities
|
|
5. Sophos Anti-Virus SIT/CPIO File Processing Vulnerabilities
|
|
6. Sophos Anti-Virus Petite Plugin Denial of Service Vulnerability
|
|
7. Sophos Anti-Virus RAR and CHM Denial of Service Vulnerabilities
|
|
8. Sophos Anti-Virus Cabinet File Processing Memory Corruption
|
|
9. Sophos Anti-Virus Visio File Parsing Buffer Overflow
|
|
10. Sophos Anti-Virus ZIP Archive Denial of Service Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
