SMTP: Invalid ZIP Header in Attachment

This signature detects ZIP files containing invalid header information in SMTP traffic. Attackers can attach a crafted ZIP file to an e-mail. A successful attack requires enticing the target to manually scan the ZIP attachment with a virus scanner, which can lead to remote arbitrary code execution on the target system.

Extended Description

Sophos Anti-Virus is prone to a remote denial of service vulnerability when it is configured to 'Scan inside archive files'. This is not a default setting. The issue exists because the software fails to adequately sanitize 'Extra field length' values contained in BZip2 archives. The vulnerability may be exploited to deny service to legitimate users. Attackers may leverage this issue to prevent the software from completing scans of files received after an attack, which may allow the attacker to bypass Anti-Virus scans.

Affected Products

Sophos small_business_suite

Short Name
SMTP:MAL:MAL-ZIP-HDR
Severity
Warning
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
Attachment CVE-2005-1530 Header Invalid ZIP bid:14270 in
Release Date
08/23/2005
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Sophos

CVSS Score

5.0
