Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2008-6903
Last Modified 19 Aug 2009 01:24:42
Published 05 Aug 2009 08:30:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6903

Summary

Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a "fuzzed" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.

Vulnerable Systems

Application

  • Sophos Anti-virus 4.37.0

  • Sophos Anti-virus 4.7.18

  • Sophos Anti-virus 4.9.18

  • Sophos Anti-virus 6.4.5

  • Sophos Anti-virus 7.0.5

  • Sophos Anti-virus 7.6.3


References

CONFIRM - http://www.sophos.com/support/knowledgebase/article/50611.html

SECTRACK - 1021476

MISC - http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html

VUPEN - ADV-2008-3458

BID - 32748

MISC - http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html

SECUNIA - 33177

OSVDB - 50863

BUGTRAQ - 20081210 [IVIZ-08-015] Sophos Antivirus for Linux vulnerability


Last Updated: 27 May 2016 10:49:22