Two vulnerabilities in Sophos Anti-Virus fixed
An update fixes two vulnerabilities in Sophos anti-virus software for Windows and Unix/Linux. Using a manipulated file packed using the UPX runtime packer, an attacker can send the anti-virus software into an infinite loop. In addition to exploiting this bug to deny service, attackers may also be able to remotely inject arbitrary malicious code onto the computer.
Sophos Anti-Virus may also enter an infinite loop when processing BZip archives. This can also be exploited for DOS attacks through the resulting high CPU and memory usage. The vulnerabilities, which affect versions prior to version 2.48.0, were discovered in May. An update released on 23rd August fixes both vulnerabilities. Users of the application should install the update as soon as possible.
See also:
- Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory, security advisory from n.runs
- Sophos Antivirus BZip parsing Infinite Loop Advisory, security advisory from n.runs
(mba)