Sophos.Anti-Virus.Zip.File.Handling.DoS

Description

This indicates a possible exploit of a denial of service vulnerability in Sophos Anti-Virus.
The issue exists because the software fails to adequately sanitize 'Extra field length' values contained in BZip2 archives. This vulnerability may ultimately be exploited to deny service to legitimate users.
Attackers may leverage this issue to prevent the software from completing scans of files received after an attack. This may allow the attacker to bypass Anti-Virus scans.

Affected Products

Sophos Small Business Suite 1.0
Sophos PureMessage Anti-Virus 4.6
Sophos MailMonitor for SMTP 2.1
Sophos MailMonitor for SMTP 2.0
Sophos MailMonitor for Notes/Domino
Sophos Anti-Virus 5.0.1
Sophos Anti-Virus 3.91
Sophos Anti-Virus 3.90
Sophos Anti-Virus 3.86
Sophos Anti-Virus 3.85
Sophos Anti-Virus 3.84
Sophos Anti-Virus 3.83
Sophos Anti-Virus 3.82
Sophos Anti-Virus 3.81
Sophos Anti-Virus 3.80
Sophos Anti-Virus 3.79
Sophos Anti-Virus 3.78 d
Sophos Anti-Virus 3.78
Sophos Anti-Virus 3.4.6

Impact

Denial of service, system compromise.

Recommended Actions

Apply the appropriate update for your system, available from the Sophos Technical Support Web page.
http://www.sophos.com/support/

Coverage

IPS (Regular DB)
IPS (Extended DB)