Vulnerabilities > CVE-2008-3177 - Configuration vulnerability in Sophos products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

sophos

CWE-16

NVD

Published: 2008-07-15

Updated: 2017-08-08

Summary

Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments.

Vulnerable Configurations

Part	Description	Count
Hardware	Sophos Sophos Email Appliance Es1000 Sophos Email Appliance Es4000	2
Application	Sophos Sophos Es1000 * Sophos Es4000 * Sophos Sophos Anti Virus * Sophos Sophos Puremessage Anti Virus *	4

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://secunia.com/advisories/31037
http://www.securityfocus.com/bid/30110
http://www.securitytracker.com/id?1020462
http://www.sophos.com/support/knowledgebase/article/42245.html?_log_from=rss
http://www.vupen.com/english/advisories/2008/2053/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43703