Thread-topic: [SA26580] Sophos Anti-Virus UPX and BZIP Processing Denial of Service Vulnerabilities
> Sophos Anti-Virus UPX and BZIP Processing Denial of Service
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Moderately critical
> From remote
> Sophos Anti-Virus Small Business Edition 2.x
> Sophos Anti-Virus Small Business Edition
> Sophos Anti-Virus for Windows 6.x
> Sophos Anti-Virus 5.x
> Sophos Anti-Virus 4.x
> Sophos Anti-Virus 3.x
> Two vulnerabilities have been reported in Sophos Anti-Virus, which
> can be exploited by malicious people to cause a DoS (Denial of
> 1) An unspecified error when processing UPX-compressed executables
> can be exploited to cause the engine to crash.
> 2) An unspecified error when processing BZIP archives can be
> exploited to e.g. cause all the available disk space to be used for
> the engine's temporary files.
> The vulnerabilities are reported in Sophos Anti-Virus with engine
> versions prior to 2.48.0.
> Update to engine version 2.48.0 or later.
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Sergio 'shadown' Alvarez of n.runs AG.
> ORIGINAL ADVISORY: