Vulnerabilities > CVE-2007-4578 - Numeric Errors vulnerability in Sophos Anti-Virus, Scanning Engine and Small Business Suite

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

sophos

CWE-189

nessus

NVD

Published: 2007-08-28

Updated: 2018-10-15

Summary

Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable.

Vulnerable Configurations

Part	Description	Count
Application	Sophos Sophos Anti Virus 3.4.6 Sophos Anti Virus 3.78 Sophos Anti Virus 3.78D Sophos Anti Virus 3.79 Sophos Anti Virus 3.80 Sophos Anti Virus 3.81 Sophos Anti Virus 3.82 Sophos Anti Virus 3.83 Sophos Anti Virus 3.84 Sophos Anti Virus 3.85 Sophos Anti Virus 3.86 Sophos Anti Virus 3.90 Sophos Anti Virus 3.91 Sophos Anti Virus 3.95 Sophos Anti Virus 3.96.0 Sophos Anti Virus 4.03 Sophos Anti Virus 4.04 Sophos Anti Virus 4.05 Sophos Anti Virus 4.5.3 Sophos Anti Virus 4.5.4 Sophos Anti Virus 4.5.11 Sophos Anti Virus 4.5.12 Sophos Anti Virus 4.7.1 Sophos Anti Virus 4.7.2 Sophos Anti Virus 5.0.1 Sophos Anti Virus 5.0.2 Sophos Anti Virus 5.0.4 Sophos Anti Virus 5.0.9 Sophos Anti Virus 5.1 Sophos Anti Virus 5.2 Sophos Anti Virus 5.2.1 Sophos Anti Virus 6.5 Sophos Scanning Engine 2.30.4 Sophos Scanning Engine 2.40.2 Sophos Small Business Suite 4.04 Sophos Small Business Suite 4.05	37

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	Windows
NASL id	SOPHOS_2_48_0.NASL
description	The version of Sophos Anti-Virus installed on the remote host reportedly contains several problems involving the processing of
last seen	2020-06-01
modified	2020-06-02
plugin id	25933
published	2007-08-27
reporter	This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25933
title	Sophos Anti-Virus UPX and BZIP File Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(25933); script_version("1.21"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_cve_id("CVE-2007-4577", "CVE-2007-4578"); script_bugtraq_id(25428); script_name(english:"Sophos Anti-Virus UPX and BZIP File Multiple Vulnerabilities"); script_summary(english:"Checks version of Sophos engine"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has an application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Sophos Anti-Virus installed on the remote host reportedly contains several problems involving the processing of 'UPX' and 'BZIP' files. If a remote attacker can cause a malicious file to be scanned by the affected application, these issues could be leveraged to crash the affected application, fill up space on the disk volume used for Engine temporary files, or possibly even execute arbitrary code."); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2007/Aug/412"); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2007/Aug/437"); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2007/Sep/22"); script_set_attribute(attribute:"see_also", value:"http://www.sophos.com/support/knowledgebase/article/28407.html"); script_set_attribute(attribute:"solution", value:"Update to Sophos Anti-Virus engine version 2.48.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2007/08/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/08/27"); script_set_attribute(attribute:"patch_publication_date", value:"2007/08/23"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:sophos:sophos_anti-virus"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_dependencies("sophos_installed.nasl"); script_require_keys("Antivirus/Sophos/installed", "Antivirus/Sophos/eng_ver"); exit(0); } # Get the signature database update for the target. engine = get_kb_item("Antivirus/Sophos/eng_ver"); if (!engine) exit(0); ver = split(engine, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); fix = split("2.48.0", sep:'.', keep:FALSE); for (i=0; i<max_index(fix); i++) fix[i] = int(fix[i]); for (i=0; i<max_index(ver); i++) if ((ver[i] < fix[i])) { # nb: Sophos doesn't report the last part in its advisory. ver = string(ver[0], ".", ver[1], ".", ver[2]); report = string( "\n", "The current engine version on the remote is ", ver, ".\n" ); security_hole(port:get_kb_item("SMB/transport"), extra:report); break; } else if (ver[i] > fix[i]) break;

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References