HTTP: Sophos Anti-Virus Zip File Handling Denial of Service

This signature detects attempts to exploit a known vulnerability in Sophos Anti-Virus. A successful attack can result in a denial-of-service condition.

Extended Description

Sophos Anti-Virus is prone to a remote denial-of-service vulnerability when it is configured to 'Scan inside archive files', which is not a default setting. The issue exists because the software fails to adequately sanitize 'Extra field length' values contained in BZip2 archives. This vulnerability may be exploited to deny service to legitimate users. Attackers may leverage it to prevent the software from completing scans of files received after an attack, which may allow the attacker to bypass Anti-Virus scans.

Affected Products

Sophos small_business_suite

References

BugTraq: 14270 12793

CVE: CVE-2005-1530

Short Name
HTTP:STC:DL:SOPHOS-ZIPDOS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Anti-Virus CVE-2005-1530 Denial File Handling Service Sophos Zip bid:12793 bid:14270 of
Release Date
09/17/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Sophos

CVSS Score

5.0
