Full Disclosure mailing list archives
RE: Sophos Antivirus Library Remote Heap Overflow
From: "Dowling, Gabrielle" <dowlingg () sullcrom com>
Date: Sat, 27 Aug 2005 01:09:05 -0400
Sophos has had a fix for since August 5th... http://www.sophos.com/support/knowledgebase/article/3409.htmlj. The vulnerability was also publicly discussed prior to that time. G -----Original Message----- From: list () rem0te com [mailto:list () rem0te com] Sent: Friday, August 26, 2005 8:36 AM To: full-disclosure () lists grok org uk; bugtraq () securityfocus com Subject: Sophos Antivirus Library Remote Heap Overflow Date August 26, 2005 Vulnerability The Sophos Antivirus Library provides file format support for virus analysis. During analysis of Visio files Sophos is vulnerable to a heap overflow allowing attackers complete control of the system(s) being protected. This vulnerability can be exploited remotely without user interaction or authentication through common protocols such as SMTP, SMB, HTTP, FTP, etc. Impact Successful exploitation of Sophos protected systems allows attackers unauthorized control of data and related privileges. It also provides leverage for further network compromise. Sophos Antivirus Library implementations are likely vulnerable in their default configuration. Affected Products Sophos Antivirus for Windows 2000/XP/2003 Sophos Antivirus for Windows NT Sophos Antivirus for Mac OS X Sophos Antivirus for MAC 8/9 Sophos Antivirus for UNIX/Linux Sophos Antivirus for Netware Sophos Antivirus for OS/2 Sophos Antivirus for OpenVMS Sophos Antivirus for DOS/Windows 3.1x Sophos Antivirus Small Business Edition for Windows Sophos Antivirus Small Business Edition for Mac PureMessage Small Business Edition PureMessage for Windows/Exchange PureMessage for UNIX MailMonitor for SMTP - Windows MailMonitor for Notes/Domino MailMonitor for Exchange The Sophos Antivirus Library is also OEM by over 25 other vendors with products that are affected by this vulnerability; see the following link for a list. There are also several vendors not listed that OEM the Sophos Antivirus Library. Refer to Sophos or your vendor for specifics. http://www.sophos.com/partners/oem/ Credit This vulnerability was discovered and researched by Alex Wheeler. Contact security () rem0te com Details http://www.rem0te.com/public/images/sophos.pdf ----------------------------------------- This e-mail is sent by a law firm and contains information that may be privileged and confidential. If you are not the intended recipient, please delete the e-mail and notify us immediately. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Sophos Antivirus Library Remote Heap Overflow list (Aug 26)
- <Possible follow-ups>
- RE: Sophos Antivirus Library Remote Heap Overflow Dowling, Gabrielle (Aug 26)
- Re: Sophos Antivirus Library Remote Heap Overflow list (Aug 28)