Signature Detail
Short Name |
HTTP:STC:DL:SOPHOS-ZIPDOS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Sophos Anti-Virus Zip File Handling Denial of Service |
Release Date |
2010/09/17 |
Update Number |
1775 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Sophos Anti-Virus Zip File Handling Denial of Service
This signature detects attempts to exploit a known vulnerability against Sophos Anti-Virus. A successful attack can result in a denial-of-service condition.
Extended Description
Sophos Anti-Virus is prone to a remote denial of service vulnerability when it is configured to 'Scan inside archive files'. This is not a default setting. The issue exists due to failure of the software to adequately sanitize 'Extra field length' values contained in BZip2 archives. Ultimately this vulnerability may be exploited to conduct a denial of proper service for legitimate users. Attackers may leverage this issue to prevent the software from completing file scans, for files received subsequent to an attack. This may allow the attacker to bypass Anti-Virus scans.
Affected Products
- Sophos Anti-Virus 3.4.6
- Sophos Anti-Virus 3.78.0
- Sophos Anti-Virus 3.78.0 d
- Sophos Anti-Virus 3.79.0
- Sophos Anti-Virus 3.80.0
- Sophos Anti-Virus 3.81.0
- Sophos Anti-Virus 3.82.0
- Sophos Anti-Virus 3.83.0
- Sophos Anti-Virus 3.84.0
- Sophos Anti-Virus 3.85.0
- Sophos Anti-Virus 3.86.0
- Sophos Anti-Virus 3.90.0
- Sophos Anti-Virus 3.91.0
- Sophos Anti-Virus 5.0.1
- Sophos MailMonitor for Notes/Domino
- Sophos MailMonitor for SMTP 2.0.0
- Sophos MailMonitor for SMTP 2.1.0
- Sophos PureMessage Anti-Virus 4.6.0
- Sophos Small Business Suite 1.0.0
References
- BugTraq: 12793
- BugTraq: 14270
- CVE: CVE-2005-1530