Message-ID: <W300794771155491125231312@webmail4>
Date: Sun, 28 Aug 2005 12:15:12 +0000
From: list@...0te.com
To: "Dowling, Gabrielle" <dowlingg@...lcrom.com>, list@...0te.com, 
	full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Sophos Antivirus Library Remote Heap Overflow


You are partially correct. Prior to this advisory, Sophos & rem0te agreed to withhold details until all fixes were available (August 26th). The Sophos link you provided below does not disclose any details of the vulnerability - only the patch - which leaves a lot of people guessing about the actual vulnerability details.

It's also important to note there are many large 3rd party vendors that sublicense this library who should apply patches to their customer installations. It will be interesting to see how many of these 3rd parties issue advisories to their users.

> -----Original Message-----
> From: Dowling, Gabrielle [mailto:dowlingg@...lcrom.com]
> Sent: Saturday, August 27, 2005 05:09 AM
> To: list@...0te.com, full-disclosure@...ts.grok.org.uk, 
> bugtraq@...urityfocus.com
> Subject: RE: Sophos Antivirus Library Remote Heap Overflow
> 
> Sophos has had a fix for since August 5th...
> http://www.sophos.com/support/knowledgebase/article/3409.htmlj.  The
> vulnerability was also publicly discussed prior to that time.  
> 
> G
> 
> -----Original Message-----
> From: list@...0te.com [mailto:list@...0te.com] 
> Sent: Friday, August 26, 2005 8:36 AM
> To: full-disclosure@...ts.grok.org.uk; bugtraq@...urityfocus.com
> Subject: Sophos Antivirus Library Remote Heap Overflow
> 
> 
> Date
> August 26, 2005
> 
> Vulnerability
> The Sophos Antivirus Library provides file format support for virus
> analysis. During analysis of Visio files Sophos is vulnerable to a heap
> overflow allowing attackers complete control of the system(s) being
> protected. This vulnerability can be exploited remotely without user
> interaction or authentication through common protocols such as SMTP,
> SMB, HTTP, FTP, etc. 
> 
> Impact
> Successful exploitation of Sophos protected systems allows attackers
> unauthorized control of data and related privileges. It also provides
> leverage for further network compromise. Sophos Antivirus Library
> implementations are likely vulnerable in their default configuration.
> 
> Affected Products
> Sophos Antivirus for Windows 2000/XP/2003
> Sophos Antivirus for Windows NT
> Sophos Antivirus for Mac OS X
> Sophos Antivirus for MAC 8/9
> Sophos Antivirus for UNIX/Linux
> Sophos Antivirus for Netware
> Sophos Antivirus for OS/2
> Sophos Antivirus for OpenVMS
> Sophos Antivirus for DOS/Windows 3.1x
> Sophos Antivirus Small Business Edition for Windows
> Sophos Antivirus Small Business Edition for Mac
> PureMessage Small Business Edition 
> PureMessage for Windows/Exchange
> PureMessage for UNIX
> MailMonitor for SMTP - Windows
> MailMonitor for Notes/Domino
> MailMonitor for Exchange
> 
> The Sophos Antivirus Library is also OEM by over 25 other vendors with
> products that are affected by this vulnerability; see the following link
> for a list. There are also several vendors not listed that OEM the
> Sophos Antivirus Library. Refer to Sophos or your vendor for specifics.
> 
> http://www.sophos.com/partners/oem/
> 
> Credit
> This vulnerability was discovered and researched by Alex Wheeler.
> 
> Contact
> security@...0te.com 
> 
> Details
> http://www.rem0te.com/public/images/sophos.pdf


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

