ISS X-Force Database: sophos-bo(21608): Sophos Anti-Virus buffer overflow

Sophos Anti-Virus buffer overflow

sophos-bo (21608)

High Risk

Description:

Sophos Anti-Virus is vulnerable to a heap-based buffer overflow when analyzing Visio files. A remote attacker could exploit this vulnerability using common protocols such as SMTP, SMB, HTTP, FTP, etc. to gain control of the target system or possibly obtain elevated privileges.

Consequences:

Gain Access

Remedy:

Apply the appropriate update for your system, available from the Sophos Technical Support Web page. See References.

References:

Full-Disclosure Mailing List, Fri Aug 26 2005 - 07:36:01 CDT: Sophos Antivirus Library Remote Heap Overflow.
Sophos Technical Advisory: Sophos buffer overflow vulnerability.
Sophos Web site: Sophos Anti-Virus.
BID-14362: Sophos Anti-Virus Library Visio Scanning Remote Heap Overflow Vulnerability
CVE-2005-2768: Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length.
SA16245: Sophos Anti-Virus Visio File Parsing Buffer Overflow

Platforms Affected:

Sophos MailMonitor for Exchange SAV 3.95.0
Sophos MailMonitor for Notes/Domino SAV 3.95.0 and prior
Sophos MailMonitor for SMTP-Windows SAV 3.95.0 and prior
Sophos PureMessage for Unix SAV 3.95.0 and prior
Sophos PureMessage for Windows/Exchange 2.0.2pr SAV 3.95.0
Sophos PureMessage for Windows/Exchange 2.1 SAV 5.0.4
Sophos PureMessage Small Business Edition 3.95 and prior
Sophos Sophos Anti-Virus for DOS/Windows 3.1 3.95 and prior
Sophos Sophos Anti-Virus for Mac OS 8/9 3.96 and prior
Sophos Sophos Anti-Virus for Mac OS X v 4.6 4.6.2 and prior
Sophos Sophos Anti-Virus for Netware 3.95 and prior
Sophos Sophos Anti-Virus for OpenVMS 3.95 and prior
Sophos Sophos Anti-Virus for OS/2 3.95 and prior
Sophos Sophos Anti-Virus for Unix/Linux 3.95 and prior
Sophos Sophos Anti-Virus for Win95/98/Me v3.x 3.95 and prior
Sophos Sophos Anti-Virus for Win95/98/Me v4.5 4.5.3 and prior
Sophos Sophos Anti-Virus for Windows NT v4.5 4.5.3 and prior
Sophos Sophos Anti-Virus Small Bus. For Mac 3.95 and prior
Sophos Sophos Anti-Virus Small Bus. For Windows 3.95 and prior
Sophos Sophos Anti-Virus Win2000/XP/2003 v3.x 3.95 and prior
Sophos Sophos Anti-Virus Win2000/XP/2003 v4.5 5.0.4 and prior

Reported:

Jul 27, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page