Message-Id: <20070906125842.5D8EB1B@mail.contextis.co.uk>
Date: Thu, 6 Sep 2007 14:01:25 +0100
From: Disclosure <disclosure@...textis.co.uk>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Sophos Anti-Virus 6.5.4 Vulnerability

Name                Cross Site Scripting Vulnerability in Sophos Anti-Virus
Systems Affected    Sophos Anti-Virus, version 6.5.4 R2
Severity            Medium
Category            Cross Site Scripting
Author              Context Information Security Ltd
Advisory            6th September 2007

Description
-----------
A ZIP archive containing a virus signature and a malformed file name triggers a Cross Site Scripting vulnerability within the Sophos Anti-Virus client.

Analysis
--------
When Sophos Anti-Virus scans a specially crafted ZIP archive containing an XSS attack string, it logs the string internally.  When this information is viewed through the Sophos client (SavMain.exe), the XSS attack string is displayed without being encoded.  When the print function is then called, the application can be made to run arbitrary code on the target machine, supplied in a file submitted by an external attacker.
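
The scan, log, display path described above can be illustrated with the following added example, which is not code from Context or Sophos. It assumes the log view is built as HTML; the function names, the detection label and the sample archive are hypothetical and constructed for the illustration. It shows a logged archive member name reaching the view unencoded, next to the same view with output encoding applied.

```python
import html
import io
import zipfile

# Constructed sample: a member name carrying HTML markup, standing in for
# the "malformed file name" the advisory describes.
SAMPLE_NAME = "sample<img src=x>.com"


def build_sample_zip():
    """Build an in-memory ZIP whose single member has the constructed name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(SAMPLE_NAME, b"constructed placeholder content")
    return buf.getvalue()


def scan_archive(data):
    """Hypothetical scanner: log one detection per member, name stored as-is."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [{"file": info.filename, "threat": "Test-Detection"}
                for info in zf.infolist()]


def render_log_unsafe(entries):
    """Pattern from the advisory: logged strings reach the HTML view unencoded."""
    rows = "".join(
        f"<tr><td>{e['file']}</td><td>{e['threat']}</td></tr>" for e in entries)
    return f"<table>{rows}</table>"


def render_log_safe(entries):
    """Hardened view: every logged field is HTML-encoded at output time."""
    rows = "".join(
        "<tr><td>{}</td><td>{}</td></tr>".format(
            html.escape(e["file"], quote=True),
            html.escape(e["threat"], quote=True))
        for e in entries)
    return f"<table>{rows}</table>"


if __name__ == "__main__":
    log = scan_archive(build_sample_zip())
    print(render_log_unsafe(log))  # markup from the file name is live in the view
    print(render_log_safe(log))    # the same name is shown as inert text
```

Encoding at output time, rather than at logging time, keeps the stored log faithful to what was scanned while protecting every view, including a print view, that renders it.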

Technologies Affected
---------------------
Sophos Anti-Virus, version 6.5.4 R2

Resolution
----------
Update to version 6.5.8 or 7.0.

Vendor Response
---------------
Sophos have patched this issue in version 7.01.

CVE Details
-----------
This issue has been provisionally assigned a CVE candidate number of CVE-2007-4512.

Disclosure Timeline
-------------------
18 April 2007    – Initial Discovery and vendor notification
19 April 2007    – Vendor Response
21 August 2007   – Second Vendor Response
6 September 2007 – Coordinated Public Release

Credits
-------
Michael Jordon of Context Information Security Ltd

About Context Information Security
----------------------------------
Context Information Security Limited is a specialist information security consultancy based in London and Frankfurt. Context promotes the holistic approach to information security and helps clients to identify, assess and control their exposure to risk within the fields of IT, telephony and physical security. Context employs experienced information security professionals who are subject-matter experts in their various technical specialisms.  Context works extensively within the finance, legal, defence and government sectors, delivering high-end information security projects to organisations for which security is a priority.
Web:  www.contextis.co.uk
Email:  disclosure@...textis.co.uk

About Sophos
------------
"Sophos is a world leader in IT security and control solutions purpose-built for business, education, government organizations and service providers. Our reliably engineered, easy-to-operate products protect over 100 million users in more than 150 countries from viruses, spyware, adware, Trojans, intrusion, spam, policy abuse, and uncontrolled network access."
