Sophos releases details of a vulnerability in anti-virus products
Sophos has released details of a vulnerability in Sophos Anti-Virus, which, they say, has already been closed in current versions. The vulnerability made it possible to send large GPIO messages, resulting in the remote management system (RMS) triggering a restart.
The cause was a bug in a third-party component. Affected versions of Sophos include Sophos Anti-Virus for Windows 2000/XP/2003/Vista 7.6.0, Sophos Anti-Virus for Windows 95/98/NT 4.7.16, Sophos Anti-Virus for Mac OS X and 4.9.15 Sophos Anti-Virus for Linux 6.4.4 RMS with versions prior to 3.0.9. Sophos had already released an automatic update on the 22 October 2008 to fix this vulnerability.