ID CVE-2007-4577
Summary Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
References
Vulnerable Configurations
  • cpe:2.3:a:sophos:anti-virus:3.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:3.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:3.78:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:3.78:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:3.78d:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:3.78d:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:3.79:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:3.79:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:3.80:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:3.80:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:3.81:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:3.81:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:3.82:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:3.82:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:3.83:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:3.83:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:3.84:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:3.84:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:3.85:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:3.85:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:3.86:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:3.86:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:3.90:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:3.90:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:3.91:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:3.91:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:3.95:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:3.95:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:3.96.0:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:3.96.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:4.03:*:linux:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:4.03:*:linux:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:4.04:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:4.04:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:4.05:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:4.05:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:4.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:4.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:4.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:4.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:4.5.11:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:4.5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:4.5.12:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:4.5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:4.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:4.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:4.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:4.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:5.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:5.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:5.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:5.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:5.0.9:*:linux:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:5.0.9:*:linux:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:5.2:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:5.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:anti-virus:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:anti-virus:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:scanning_engine:2.30.4:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:scanning_engine:2.30.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:scanning_engine:2.40.2:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:scanning_engine:2.40.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:small_business_suite:4.04:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:small_business_suite:4.04:*:*:*:*:*:*:*
  • cpe:2.3:a:sophos:small_business_suite:4.05:*:*:*:*:*:*:*
    cpe:2.3:a:sophos:small_business_suite:4.05:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 15-10-2018 - 21:36)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 25428
bugtraq 20070824 n.runs-SA-2007.026 - Sophos Antivirus BZip parsing Infinite Loop Advisory
confirm http://www.sophos.com/support/knowledgebase/article/28407.html
misc http://www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.php
sectrack 1018608
secunia 26580
sreason 3073
vupen ADV-2007-2972
Last major update 15-10-2018 - 21:36
Published 28-08-2007 - 18:17
Last modified 15-10-2018 - 21:36
Back to Top