7.8

CVE-2007-4577

Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SophosAnti-virus Version3.4.6
SophosAnti-virus Version3.78
SophosAnti-virus Version3.78d
SophosAnti-virus Version3.79
SophosAnti-virus Version3.80
SophosAnti-virus Version3.81
SophosAnti-virus Version3.82
SophosAnti-virus Version3.83
SophosAnti-virus Version3.84
SophosAnti-virus Version3.85
SophosAnti-virus Version3.86
SophosAnti-virus Version3.90
SophosAnti-virus Version3.91
SophosAnti-virus Version3.95
SophosAnti-virus Version3.96.0
SophosAnti-virus Version4.03 Editionlinux
SophosAnti-virus Version4.04
SophosAnti-virus Version4.05
SophosAnti-virus Version4.5.3
SophosAnti-virus Version4.5.4
SophosAnti-virus Version4.5.11
SophosAnti-virus Version4.5.12
SophosAnti-virus Version4.7.1
SophosAnti-virus Version4.7.2
SophosAnti-virus Version5.0.1
SophosAnti-virus Version5.0.2
SophosAnti-virus Version5.0.4
SophosAnti-virus Version5.0.9
SophosAnti-virus Version5.0.9 Editionlinux
SophosAnti-virus Version5.1
SophosAnti-virus Version5.2
SophosAnti-virus Version5.2.1
SophosAnti-virus Version6.5
SophosScanning Engine Version2.30.4
SophosScanning Engine Version2.40.2
SophosSmall Business Suite Version4.04
SophosSmall Business Suite Version4.05
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.53% 0.918
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/26580
Patch
Vendor Advisory
http://securityreason.com/securityalert/3073
http://securitytracker.com/id?1018608
http://www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.php
http://www.securityfocus.com/archive/1/477727/100/0/threaded
http://www.securityfocus.com/bid/25428
http://www.sophos.com/support/knowledgebase/article/28407.html
http://www.vupen.com/english/advisories/2007/2972