Signature Detail
Short Name |
APP:MISC:SOPHOS-WEBAPP-RCE |
|---|---|
Severity |
Critical |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Sophos Web Protection Appliance Sblistpack Arbitrary Command Execution |
Release Date |
2013/11/26 |
Update Number |
2322 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Sophos Web Protection Appliance Sblistpack Arbitrary Command Execution
This signature detects attempts to exploit a known vulnerability against Sophos Web Protection. A successful attack can lead to arbitrary code execution
Extended Description
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
Affected Products
- sophos web_appliance 3.0.0
- sophos web_appliance 3.0.1
- sophos web_appliance 3.0.1.1
- sophos web_appliance 3.0.2
- sophos web_appliance 3.0.3
- sophos web_appliance 3.0.4
- sophos web_appliance 3.0.5
- sophos web_appliance 3.0.5.1
- sophos web_appliance 3.1.0
- sophos web_appliance 3.1.0.1
- sophos web_appliance 3.1.1
- sophos web_appliance 3.1.2
- sophos web_appliance 3.1.3
- sophos web_appliance 3.1.4
- sophos web_appliance 3.2.1
- sophos web_appliance 3.2.2
- sophos web_appliance 3.2.2.1
- sophos web_appliance 3.2.3
- sophos web_appliance 3.2.4
- sophos web_appliance 3.2.5
- sophos web_appliance 3.2.6
- sophos web_appliance 3.2.7
- sophos web_appliance 3.3.0
- sophos web_appliance 3.3.1
- sophos web_appliance 3.3.2
- sophos web_appliance 3.3.3
- sophos web_appliance 3.3.3.1
- sophos web_appliance 3.3.4
- sophos web_appliance 3.3.5
- sophos web_appliance 3.3.5.1
- sophos web_appliance 3.3.6
- sophos web_appliance 3.3.6.1
- sophos web_appliance 3.4.0
- sophos web_appliance 3.4.1
- sophos web_appliance 3.4.2
- sophos web_appliance 3.4.3
- sophos web_appliance 3.4.3.1
- sophos web_appliance 3.4.4
- sophos web_appliance 3.4.5
- sophos web_appliance 3.4.6
- sophos web_appliance 3.4.7
- sophos web_appliance 3.4.8
- sophos web_appliance 3.5.0
- sophos web_appliance 3.5.1
- sophos web_appliance 3.5.1.1
- sophos web_appliance 3.5.1.2
- sophos web_appliance 3.5.2
- sophos web_appliance 3.5.3
- sophos web_appliance 3.5.4
- sophos web_appliance 3.5.5
- sophos web_appliance 3.5.6
- sophos web_appliance 3.6.1
- sophos web_appliance 3.6.1.1
- sophos web_appliance 3.6.2
- sophos web_appliance 3.6.2.1
- sophos web_appliance 3.6.2.3
- sophos web_appliance 3.6.2.4.0
- sophos web_appliance 3.6.2.4.1
- sophos web_appliance 3.6.3
- sophos web_appliance 3.6.4
- sophos web_appliance 3.6.4.1
- sophos web_appliance 3.6.4.2
- sophos web_appliance 3.7.0
- sophos web_appliance 3.7.1
- sophos web_appliance 3.7.2
- sophos web_appliance 3.7.3
- sophos web_appliance 3.7.4
- sophos web_appliance 3.7.5
- sophos web_appliance 3.7.6
- sophos web_appliance 3.7.7
- sophos web_appliance 3.7.8
- sophos web_appliance 3.7.8.1
- sophos web_appliance 3.7.8.2
- sophos web_appliance 3.8.0
- sophos web_appliance 3.8.1
- sophos web_appliance up to 3.7.9
References
- CVE: CVE-2013-4983
- CVE: CVE-2013-4984