iViZ Security

Security Advisories

Sophos Antivirus for Linux

Synopsis

Sophos Antivirus deterministically crashes (segmentation fault) when analyzing corrupted files packed with any of several packers: armadillo, asprotect, asprotectSKE. The same behavior has also been observed when analyzing corrupted CAB files.

Affected Software

Sophos SAVScan 4.33.0 for Linux, possibly others

Impact

Remote DoS, possibly remote code execution.

Vendor Response

The vendor acknowledged the problems and will "fix the issues" in the next release.
Fixed in updated version: http://www.sophos.com/support/knowledgebase/article/50611.html

Credits

This vulnerability was discovered by Security Researcher Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd.


