In association with heise online

« previous | next »
11 July 2008, 10:32

DoS vulnerability in Sophos antivirus products

Antivirus software vendor Sophos has reported the discovery of a DoS vulnerability in some of its products. According to the security advisory, specially crafted attachments to emails can bring down Sophos E-mail Appliance, Pure Message for UNIX and Sophos Anti-Virus Interface (SAVI). For the attack to succeed, the MIME attachment has to have a length of zero. Sophos says that only Linux/UNIX installations are affected.

Apparently, the flaw only turned up after the recent July update – signature version 4.31 and engine 2.75. The flaw has already been updated in SAVI with new virus signatures. Sophos has reactivated the old updates – 4.30 and 2.7 – for Appliance and Pure Message, respectively, and is now working to fix the underlying flaw in the engine. The vendor will then release a new update.

See also:

* Unexpected terminations of selected Sophos products by zero-byte MIME attachments, Error report from Sophos

(trk)

Add your comment

« previous | next »
Print Version | Send by email | Permalink: http://h-online.com/-736449

Also on The H:

  • Share this article
  • Twitter
  • Facebook
  • digg this
  • submit to slashdot
  • post to delicious
  • StumbleUpon
  • submit to reddit
The H Open Headlines

Price Insight Top 10 powered by Skinflint

  1. Samsung SSD 830 Series 128GB
  2. Samsung SSD 830 Series 256GB
  3. Samsung SSD 830 Series Desktop Upgrade Kit 256GB
  4. Intel Core i5-3570K
  5. Samsung Galaxy S3 i9300 16GB blau
  6. Crucial m4 SSD 128GB
  7. Gigabyte GeForce GTX 670 OC
  8. Palit GeForce GTX 670
  9. Diablo 3 (deutsch)
  10. Samsung Galaxy Nexus i9250 16GB silber

The H

The H open source

The H Security

The H Internet Toolkit