Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.8
CVE Id: CVE-2007-4577
Last Modified: 07 Mar 2011 09:58:49
Published: 28 Aug 2007 02:17:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-4577

Summary

Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").

Vulnerable Systems

Application

  • Sophos Anti-virus 3.4.6

  • Sophos Anti-virus 3.78

  • Sophos Anti-virus 3.78d

  • Sophos Anti-virus 3.79

  • Sophos Anti-virus 3.80

  • Sophos Anti-virus 3.81

  • Sophos Anti-virus 3.82

  • Sophos Anti-virus 3.83

  • Sophos Anti-virus 3.84

  • Sophos Anti-virus 3.85

  • Sophos Anti-virus 3.86

  • Sophos Anti-virus 3.90

  • Sophos Anti-virus 3.91

  • Sophos Anti-virus 3.95

  • Sophos Anti-virus 3.96.0

  • Sophos Anti-virus 4.03

  • Sophos Anti-virus 4.04

  • Sophos Anti-virus 4.05

  • Sophos Anti-virus 4.5.11

  • Sophos Anti-virus 4.5.12

  • Sophos Anti-virus 4.5.3

  • Sophos Anti-virus 4.5.4

  • Sophos Anti-virus 4.7.1

  • Sophos Anti-virus 4.7.2

  • Sophos Anti-virus 5.0.1

  • Sophos Anti-virus 5.0.2

  • Sophos Anti-virus 5.0.4

  • Sophos Anti-virus 5.0.9

  • Sophos Anti-virus 5.1

  • Sophos Anti-virus 5.2

  • Sophos Anti-virus 5.2.1

  • Sophos Anti-virus 6.5

  • Sophos Scanning Engine 2.30.4

  • Sophos Scanning Engine 2.40.2

  • Sophos Small Business Suite 4.04

  • Sophos Small Business Suite 4.05


References

SECUNIA - 26580

VUPEN - ADV-2007-2972

CONFIRM - http://www.sophos.com/support/knowledgebase/article/28407.html

BID - 25428

BUGTRAQ - 20070824 n.runs-SA-2007.026 - Sophos Antivirus BZip parsing Infinite Loop Advisory

MISC - http://www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.php

SECTRACK - 1018608

SREASON - 3073


Last Updated: 27 May 2016 10:45:54