Full Disclosure mailing list archives
[IVIZ-08-015] Sophos Antivirus for Linux vulnerability
From: "iViZ Security Advisories" <advisories () ivizsecurity com>
Date: Wed, 10 Dec 2008 17:32:49 +0530
-----------------------------------------------------------------------
[ iViZ Security Advisory 08-015                            10/12/2008 ]
-----------------------------------------------------------------------
iViZ Techno Solutions Pvt. Ltd.
http://www.ivizsecurity.com
-----------------------------------------------------------------------

* Title: Sophos Antivirus for Linux vulnerability
* Date: 10/12/2008
* Software: Sophos SAVScan 4.33.0 for Linux

--[ Synopsis:

Sophos Antivirus deterministically crashes (segmentation fault)
when analyzing corrupted packed files for multiple packers:
armadillo, asprotect, asprotectSKE. The same behavior has also
been observed when analyzing corrupted CAB files.

--[ Affected Software:

* Sophos SAVScan 4.33.0 for Linux, possibly others

--[ Impact:

Remote DoS, possibly remote code execution.

--[ Vendor response:

* Vendor acknowledged the problems and will "fix the issues" in
  the next release.

--[ Credits:

This vulnerability was discovered by Security Researcher
Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd.

--[ Disclosure timeline:

--[ Reference:

http://www.ivizsecurity.com/security-advisory.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/