Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6904

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-6904
Last Modified 19 Aug 2009 01:24:43
Published 05 Aug 2009 09:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6904

Summary

Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE.

Vulnerable Systems

Application

  • Sophos Anti-virus 4.37.0

  • Sophos Anti-virus 4.7.18

  • Sophos Anti-virus 4.9.18

  • Sophos Anti-virus 6.4.5

  • Sophos Anti-virus 7.0.5

  • Sophos Anti-virus7.6.3


References

XF - savscan-armadillo-code-execution(52443)

MISC - http://www.sophos.com/support/knowledgebase/article/50611.html

BID - 32748

MISC - http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html

BUGTRAQ - 20081210 [IVIZ-08-015] Sophos Antivirus for Linux vulnerability


Last Updated: 27 May 2016 10:49:22