|
||||||||||||||||
|
||||||||||||||||
|
| |||||||||||||||
|
||||||||||||||||
|
||||||||||||||||
|
|
 |
| |
|
| |
| |
|
|
|
|
|
|
|
áòèé÷ :: Security-alerts |
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [security-alerts] FW: [SA26580] Sophos Anti-Virus UPX and BZIP Processing Denial of Service Vulnerabilities
> > TITLE: > Sophos Anti-Virus UPX and BZIP Processing Denial of Service > Vulnerabilities > > SECUNIA ADVISORY ID: > SA26580 > > VERIFY ADVISORY: > > > CRITICAL: > Moderately critical > > IMPACT: > DoS > > WHERE: > From remote > > SOFTWARE: > Sophos Anti-Virus Small Business Edition 2.x > > Sophos Anti-Virus Small Business Edition > > Sophos Anti-Virus for Windows 6.x > > Sophos Anti-Virus 5.x > > Sophos Anti-Virus 4.x > > Sophos Anti-Virus 3.x > > > DESCRIPTION: > Two vulnerabilities have been reported in Sophos Anti-Virus, which > can be exploited by malicious people to cause a DoS (Denial of > Service). > > 1) An unspecified error when processing UPX-compressed executables > can be exploited to cause the engine to crash. > > 2) An unspecified error when processing BZIP archives can be > exploited to e.g. cause all the available disk space to be used for > the engine's temporary files. > > The vulnerabilities are reported in Sophos Anti-Virus with engine > versions prior to 2.48.0. > > SOLUTION: > Update to engine version 2.48.0 or later. > > PROVIDED AND/OR DISCOVERED BY: > The vendor credits Sergio 'shadown' Alvarez of n.runs AG. > > ORIGINAL ADVISORY: > >
|