CVE-2007-4577

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-4577
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").

7.8 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References
Link Resource
http://secunia.com/advisories/26580 Patch Vendor Advisory
http://securityreason.com/securityalert/3073
http://securitytracker.com/id?1018608
http://www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.php
http://www.securityfocus.com/archive/1/477727/100/0/threaded
http://www.securityfocus.com/bid/25428
http://www.sophos.com/support/knowledgebase/article/28407.html
http://www.vupen.com/english/advisories/2007/2972
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sophos:anti-virus:3.4.6:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:3.78:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:3.78d:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:3.79:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:3.80:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:3.81:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:3.82:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:3.83:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:3.84:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:3.85:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:3.86:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:3.90:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:3.91:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:3.95:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:3.96.0:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:4.03:*:linux:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:4.04:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:4.05:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:4.5.3:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:4.5.4:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:4.5.11:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:4.5.12:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:5.0.9:*:linux:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:5.1:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:5.2:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:sophos:anti-virus:6.5:*:*:*:*:*:*:*
cpe:2.3:a:sophos:scanning_engine:2.30.4:*:*:*:*:*:*:*
cpe:2.3:a:sophos:scanning_engine:2.40.2:*:*:*:*:*:*:*
cpe:2.3:a:sophos:small_business_suite:4.04:*:*:*:*:*:*:*
cpe:2.3:a:sophos:small_business_suite:4.05:*:*:*:*:*:*:*
History

No history.

Information

Published : 2007-08-28 18:17

Updated : 2024-02-04 17:13

NVD link : CVE-2007-4577

Mitre link : CVE-2007-4577

CVE.ORG link : CVE-2007-4577

JSON object : View

Products Affected

sophos

  • scanning_engine
  • anti-virus
  • small_business_suite
CWE
CWE-399

Resource Management Errors

NVD-CWE-noinfo