
[Full-disclosure] Re: Sophos Antivirus Library Remote Heap Overflow

Subject: [Full-disclosure] Re: Sophos Antivirus Library Remote Heap Overflow
Date: Sun, 28 Aug 2005 12:15:12 +0000
You are partially correct. Prior to this advisory, Sophos & rem0te agreed to 
withhold details until all fixes were available (August 26th). The Sophos link 
you provided below does not disclose any details of the vulnerability - only 
the patch - which leaves a lot of people guessing about the actual 
vulnerability details.

It's also important to note there are many large 3rd party vendors that 
sublicense this library who should apply patches to their customer 
installations. It will be interesting to see how many of these 3rd parties 
issue advisories to their users.

-----Original Message-----
From: Dowling, Gabrielle [mailto:dowlingg@sullcrom.com]
Sent: Saturday, August 27, 2005 05:09 AM
To: list@rem0te.com, full-disclosure@lists.grok.org.uk, 
bugtraq@securityfocus.com
Subject: RE: Sophos Antivirus Library Remote Heap Overflow

Sophos has had a fix since August 5th...
http://www.sophos.com/support/knowledgebase/article/3409.htmlj.  The
vulnerability was also publicly discussed prior to that time.  

G

-----Original Message-----
From: list@rem0te.com [mailto:list@rem0te.com] 
Sent: Friday, August 26, 2005 8:36 AM
To: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: Sophos Antivirus Library Remote Heap Overflow


Date
August 26, 2005

Vulnerability
The Sophos Antivirus Library provides file format support for virus
analysis. During analysis of Visio files Sophos is vulnerable to a heap
overflow allowing attackers complete control of the system(s) being
protected. This vulnerability can be exploited remotely without user
interaction or authentication through common protocols such as SMTP,
SMB, HTTP, FTP, etc. 

Impact
Successful exploitation of Sophos protected systems allows attackers
unauthorized control of data and related privileges. It also provides
leverage for further network compromise. Sophos Antivirus Library
implementations are likely vulnerable in their default configuration.

Affected Products
Sophos Antivirus for Windows 2000/XP/2003
Sophos Antivirus for Windows NT
Sophos Antivirus for Mac OS X
Sophos Antivirus for MAC 8/9
Sophos Antivirus for UNIX/Linux
Sophos Antivirus for Netware
Sophos Antivirus for OS/2
Sophos Antivirus for OpenVMS
Sophos Antivirus for DOS/Windows 3.1x
Sophos Antivirus Small Business Edition for Windows
Sophos Antivirus Small Business Edition for Mac
PureMessage Small Business Edition 
PureMessage for Windows/Exchange
PureMessage for UNIX
MailMonitor for SMTP - Windows
MailMonitor for Notes/Domino
MailMonitor for Exchange

The Sophos Antivirus Library is also OEM by over 25 other vendors with
products that are affected by this vulnerability; see the following link
for a list. There are also several vendors not listed that OEM the
Sophos Antivirus Library. Refer to Sophos or your vendor for specifics.

http://www.sophos.com/partners/oem/

Credit
This vulnerability was discovered and researched by Alex Wheeler.

Contact
security@rem0te.com 

Details
http://www.rem0te.com/public/images/sophos.pdf


