Sophos Anti-Virus BZIP2 denial of service

sophos-bzip2-dos (21373) The risk level is classified as MediumMedium Risk

Description:

Sophos Anti-Virus versions prior to 3.95.0 running on UNIX, Linux, Netware, OpenVMS and Mac OSX, versions prior to 5.0.4 on Windows 2000/XP/2003, and versions prior to 4.5.3 on Windows NT and Windows 95/98/Me are vulnerable to a denial of service attack caused by improper handling of Zip files compressed using the BZIP2 algorithm. If the 'Scan inside archive files' option is enabled, which is not the default setting, a remote attacker could send an email with a specially-crafted malicious file or send using an HTTP session containing a large value in the 'Extra field length' to cause an infinite loop.


Consequences:

Denial of Service

Remedy:

Apply the appropriate update for your system, available from the Sophos Technical Support Web page. See References.

References:

Platforms Affected:

  • HP OpenVMS
  • Sophos Sophos Anti-Virus prior to 3.95.0
  • Sophos Sophos Anti-Virus prior to 4.5.3
  • Sophos Sophos Anti-Virus prior to 5.0.4

Reported:

Jul 14, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page