Vulnerabilities > CVE-2008-3177 - Configuration vulnerability in Sophos products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

sophos

CWE-16

NVD

Published: 2008-07-15

Updated: 2017-08-08

Summary

Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments.

Vulnerable Configurations

Part	Description	Count
Hardware	Sophos Sophos Email Appliance Es1000 Sophos Email Appliance Es4000	2
Application	Sophos Sophos Es1000 * Sophos Es4000 * Sophos Sophos Anti Virus * Sophos Sophos Puremessage Anti Virus *	4

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://www.sophos.com/support/knowledgebase/article/42245.html?_log_from=rss
http://www.securityfocus.com/bid/30110
http://www.securitytracker.com/id?1020462
http://secunia.com/advisories/31037
http://www.vupen.com/english/advisories/2008/2053/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43703