Intrusion Prevention

Sophos.Anti-Virus.Zip.File.Handling.DoS

Description

This indicates a possible attempt to exploit a denial of service vulnerability in Sophos Anti-Virus.
The issue exists because the software fails to adequately sanitize 'Extra field length' values contained in BZip2 archives. The vulnerability may be exploited to deny service to legitimate users.
Attackers may leverage this issue to prevent the software from completing scans of files received after an attack. This may allow the attacker to bypass anti-virus scanning.
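
The missing check, shown as an added example that is not Sophos code or part of the original advisory: an archive walker that rejects any header whose declared lengths do not fit in the bytes that remain. The advisory names the field but not its layout, so the example assumes the ZIP local file header layout suggested by the signature name; the function names and sample entries are constructed for illustration.

```python
import struct

LFH_SIG = b"PK\x03\x04"
# ZIP local file header: 30 fixed bytes; the last two 16-bit fields are
# the file name length and the extra field length (assumed layout).
LFH = struct.Struct("<4sHHHHHIIIHH")

def check_local_headers(data):
    """Return (offset, reason) for each header whose declared lengths
    do not fit in the bytes that remain. Stops at the first bad header."""
    findings, pos = [], 0
    while data[pos:pos + 4] == LFH_SIG:
        if pos + LFH.size > len(data):
            findings.append((pos, "truncated header"))
            break
        fields = LFH.unpack_from(data, pos)
        flags, csize = fields[2], fields[7]
        name_len, extra_len = fields[9], fields[10]
        remaining = len(data) - (pos + LFH.size)
        if name_len + extra_len > remaining:
            findings.append((pos, "name/extra field length exceeds remaining bytes"))
            break
        if name_len + extra_len + csize > remaining:
            findings.append((pos, "compressed size exceeds remaining bytes"))
            break
        if flags & 0x08:
            break  # sizes live in a trailing data descriptor; stop walking
        # Every iteration advances by at least the 30-byte header.
        pos += LFH.size + name_len + extra_len + csize
    return findings

def make_entry(name, payload, extra=b"", declared_extra_len=None):
    """Constructed sample: one stored (uncompressed) entry."""
    if declared_extra_len is None:
        declared_extra_len = len(extra)
    header = LFH.pack(LFH_SIG, 20, 0, 0, 0, 0, 0, len(payload),
                      len(payload), len(name), declared_extra_len)
    return header + name + extra + payload

if __name__ == "__main__":
    good = make_entry(b"a.txt", b"hello")
    bad = make_entry(b"b.txt", b"hello", declared_extra_len=0xFFFF)
    print(check_local_headers(good))        # well-formed entry
    print(check_local_headers(good + bad))  # second entry over-declares
```

A scanner that treats a non-empty result as "archive could not be parsed" and fails closed on that file avoids both the stalled scan and the skipped scan described above.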

Affected Products

Sophos Small Business Suite 1.0
Sophos PureMessage Anti-Virus 4.6
Sophos MailMonitor for SMTP 2.1
Sophos MailMonitor for SMTP 2.0
Sophos MailMonitor for Notes/Domino
Sophos Anti-Virus 5.0.1
Sophos Anti-Virus 3.91
Sophos Anti-Virus 3.90
Sophos Anti-Virus 3.86
Sophos Anti-Virus 3.85
Sophos Anti-Virus 3.84
Sophos Anti-Virus 3.83
Sophos Anti-Virus 3.82
Sophos Anti-Virus 3.81
Sophos Anti-Virus 3.80
Sophos Anti-Virus 3.79
Sophos Anti-Virus 3.78 d
Sophos Anti-Virus 3.78
Sophos Anti-Virus 3.4.6

Impact

Denial of service, system compromise.

Recommended Actions

Apply the appropriate update for your system, available from the Sophos Technical Support Web page.
http://www.sophos.com/support/

CVE References

CVE-2005-1530