Sophos multiple products MIME attachment denial of service
sophos-mime-dos (43703)
Description:
Sophos Email Appliance, PureMessage for UNIX, and Anti-Virus Interface (SAVI) are vulnerable to a denial of service, caused by an error when scanning specific MIME attachments of zero-byte length. A remote attacker could exploit this vulnerability using a specially crafted attachment to cause a denial of service.
Platforms Affected:
- Sophos, Anti-Virus Interface (SAVI)
- Sophos, Email Appliance
- Sophos, PureMessage for UNIX
Remedy:
Refer to Sophos Knowledgebase Article ID: 42245 for patch, upgrade or suggested workaround information. See References.
Consequences:
Denial of Service
References:
- Sophos Knowledgebase Article ID: 42245, Advisory: Unexpected terminations of selected Sophos products by zero-byte MIME attachments at http://www.sophos.com/support/knowledgebase/article/42245.html.
- BID-30110: Multiple Sophos Products MIME Attachments Denial of Service Vulnerability
- CVE-2008-3177: Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments.
- FrSIRT/ADV-2008-2053: Sophos Products MIME Attachments Denial of Service Vulnerability
- SA31037: Sophos Products Zero-byte MIME Attachments Denial of Service
- SECTRACK ID: 1020462: Sophos Email Appliance Can Be Crashed By Remote Users Sending Mail with Zero Byte Length MIME Attachments
Reported:
Jul 09, 2008
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
