\ CVE-2004-2088 - Sophos Anti-Virus Delivery Status Notification Handling Scanner Bypass Vulnerability | Vumetric Cyber Portal

CVE-2004-2088 - Sophos Anti-Virus Delivery Status Notification Handling Scanner Bypass Vulnerability

Publication

2004-02-12

Last modification

2017-07-11

Summary

Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.

Risk level (CVSS AV:N/AC:L/Au:N/C:N/I:P/A:N)

Medium

5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Sophos Sophos Anti Virus  3.78 , 3.4.6