Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2005-1530
Last Modified: 05 Sep 2008 04:49:24
Published: 19 Jul 2005 12:00:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-1530

Summary

Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value.

Vulnerable Systems

Application

  • Sophos Anti-virus 3.4.6

  • Sophos Anti-virus 3.78

  • Sophos Anti-virus 3.78d

  • Sophos Anti-virus 3.79

  • Sophos Anti-virus 3.80

  • Sophos Anti-virus 3.81

  • Sophos Anti-virus 3.82

  • Sophos Anti-virus 3.83

  • Sophos Anti-virus 3.84

  • Sophos Anti-virus 3.85

  • Sophos Anti-virus 3.86

  • Sophos Anti-virus 3.90

  • Sophos Anti-virus 3.91

  • Sophos Anti-virus 5.0.1

  • Sophos Mailmonitor 2.0

  • Sophos Mailmonitor 2.1

  • Sophos Mailmonitor For Notes Domino

  • Sophos Puremessage Anti-virus 4.6

  • Sophos Small Business Suite 1.0


References

XF - sophos-bzip2-dos(21373)

BID - 14270

IDEFENSE - 20050714 Sophos Anti-Virus Zip File Handling DoS Vulnerability

SECTRACK - 1014488


Last Updated: 27 May 2016 10:40:12