Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA26580] Sophos Anti-Virus UPX and BZIP Processing Denial of Service Vulnerabilities



>
> TITLE:
> Sophos Anti-Virus UPX and BZIP Processing Denial of Service
> Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA26580
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/26580/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> DoS
>
> WHERE:
> From remote
>
> SOFTWARE:
> Sophos Anti-Virus Small Business Edition 2.x
> http://secunia.com/product/14829/
> Sophos Anti-Virus Small Business Edition
> http://secunia.com/product/9822/
> Sophos Anti-Virus for Windows 6.x
> http://secunia.com/product/12449/
> Sophos Anti-Virus 5.x
> http://secunia.com/product/5390/
> Sophos Anti-Virus 4.x
> http://secunia.com/product/5391/
> Sophos Anti-Virus 3.x
> http://secunia.com/product/164/
>
> DESCRIPTION:
> Two vulnerabilities have been reported in Sophos Anti-Virus, which
> can be exploited by malicious people to cause a DoS (Denial of
> Service).
>
> 1) An unspecified error when processing UPX-compressed executables
> can be exploited to cause the engine to crash.
>
> 2) An unspecified error when processing BZIP archives can be
> exploited to e.g. cause all the available disk space to be used for
> the engine's temporary files.
>
> The vulnerabilities are reported in Sophos Anti-Virus with engine
> versions prior to 2.48.0.
>
> SOLUTION:
> Update to engine version 2.48.0 or later.
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Sergio 'shadown' Alvarez of n.runs AG.
>
> ORIGINAL ADVISORY:
> http://www.sophos.com/support/knowledgebase/article/28407.html
>



 




Copyright © Lexa Software, 1996-2009.