Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for anti-virus7.6.3 by sophos

    CVE-2008-6904 (GCVE-0-2008-6904)

    Vulnerability from nvd – Published: 2009-08-06 01:00 – Updated: 2024-08-07 11:49
    VLAI
    Summary
    Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-12-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:49:02.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "savscan-armadillo-code-execution(52443)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52443"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sophos.com/support/knowledgebase/article/50611.html"
              },
              {
                "name": "20081210 [IVIZ-08-015] Sophos Antivirus for Linux vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122893252316489\u0026w=2"
              },
              {
                "name": "32748",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32748"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "savscan-armadillo-code-execution(52443)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52443"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sophos.com/support/knowledgebase/article/50611.html"
            },
            {
              "name": "20081210 [IVIZ-08-015] Sophos Antivirus for Linux vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122893252316489\u0026w=2"
            },
            {
              "name": "32748",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32748"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-6904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "savscan-armadillo-code-execution(52443)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52443"
                },
                {
                  "name": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html",
                  "refsource": "MISC",
                  "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html"
                },
                {
                  "name": "http://www.sophos.com/support/knowledgebase/article/50611.html",
                  "refsource": "MISC",
                  "url": "http://www.sophos.com/support/knowledgebase/article/50611.html"
                },
                {
                  "name": "20081210 [IVIZ-08-015] Sophos Antivirus for Linux vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122893252316489\u0026w=2"
                },
                {
                  "name": "32748",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32748"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-6904",
        "datePublished": "2009-08-06T01:00:00.000Z",
        "dateReserved": "2009-08-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:49:02.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-6903 (GCVE-0-2008-6903)

    Vulnerability from nvd – Published: 2009-08-06 00:00 – Updated: 2024-08-07 11:49
    VLAI
    Summary
    Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a "fuzzed" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-12-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:49:02.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html"
              },
              {
                "name": "33177",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33177"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sophos.com/support/knowledgebase/article/50611.html"
              },
              {
                "name": "1021476",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021476"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
              },
              {
                "name": "20081210 [IVIZ-08-015] Sophos Antivirus for Linux vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122893252316489\u0026w=2"
              },
              {
                "name": "ADV-2008-3458",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3458"
              },
              {
                "name": "50863",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/50863"
              },
              {
                "name": "32748",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32748"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a \"fuzzed\" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-08-19T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html"
            },
            {
              "name": "33177",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33177"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sophos.com/support/knowledgebase/article/50611.html"
            },
            {
              "name": "1021476",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021476"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
            },
            {
              "name": "20081210 [IVIZ-08-015] Sophos Antivirus for Linux vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122893252316489\u0026w=2"
            },
            {
              "name": "ADV-2008-3458",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3458"
            },
            {
              "name": "50863",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/50863"
            },
            {
              "name": "32748",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32748"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-6903",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a \"fuzzed\" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html",
                  "refsource": "MISC",
                  "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html"
                },
                {
                  "name": "33177",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33177"
                },
                {
                  "name": "http://www.sophos.com/support/knowledgebase/article/50611.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.sophos.com/support/knowledgebase/article/50611.html"
                },
                {
                  "name": "1021476",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021476"
                },
                {
                  "name": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html",
                  "refsource": "MISC",
                  "url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
                },
                {
                  "name": "20081210 [IVIZ-08-015] Sophos Antivirus for Linux vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122893252316489\u0026w=2"
                },
                {
                  "name": "ADV-2008-3458",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3458"
                },
                {
                  "name": "50863",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/50863"
                },
                {
                  "name": "32748",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32748"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-6903",
        "datePublished": "2009-08-06T00:00:00.000Z",
        "dateReserved": "2009-08-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:49:02.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-6904 (GCVE-0-2008-6904)

    Vulnerability from cvelistv5 – Published: 2009-08-06 01:00 – Updated: 2024-08-07 11:49
    VLAI
    Summary
    Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-12-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:49:02.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "savscan-armadillo-code-execution(52443)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52443"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sophos.com/support/knowledgebase/article/50611.html"
              },
              {
                "name": "20081210 [IVIZ-08-015] Sophos Antivirus for Linux vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122893252316489\u0026w=2"
              },
              {
                "name": "32748",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32748"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "savscan-armadillo-code-execution(52443)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52443"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sophos.com/support/knowledgebase/article/50611.html"
            },
            {
              "name": "20081210 [IVIZ-08-015] Sophos Antivirus for Linux vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122893252316489\u0026w=2"
            },
            {
              "name": "32748",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32748"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-6904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "savscan-armadillo-code-execution(52443)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52443"
                },
                {
                  "name": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html",
                  "refsource": "MISC",
                  "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html"
                },
                {
                  "name": "http://www.sophos.com/support/knowledgebase/article/50611.html",
                  "refsource": "MISC",
                  "url": "http://www.sophos.com/support/knowledgebase/article/50611.html"
                },
                {
                  "name": "20081210 [IVIZ-08-015] Sophos Antivirus for Linux vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122893252316489\u0026w=2"
                },
                {
                  "name": "32748",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32748"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-6904",
        "datePublished": "2009-08-06T01:00:00.000Z",
        "dateReserved": "2009-08-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:49:02.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-6903 (GCVE-0-2008-6903)

    Vulnerability from cvelistv5 – Published: 2009-08-06 00:00 – Updated: 2024-08-07 11:49
    VLAI
    Summary
    Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a "fuzzed" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-12-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:49:02.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html"
              },
              {
                "name": "33177",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33177"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sophos.com/support/knowledgebase/article/50611.html"
              },
              {
                "name": "1021476",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021476"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
              },
              {
                "name": "20081210 [IVIZ-08-015] Sophos Antivirus for Linux vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=122893252316489\u0026w=2"
              },
              {
                "name": "ADV-2008-3458",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3458"
              },
              {
                "name": "50863",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/50863"
              },
              {
                "name": "32748",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32748"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a \"fuzzed\" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-08-19T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html"
            },
            {
              "name": "33177",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33177"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sophos.com/support/knowledgebase/article/50611.html"
            },
            {
              "name": "1021476",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021476"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
            },
            {
              "name": "20081210 [IVIZ-08-015] Sophos Antivirus for Linux vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122893252316489\u0026w=2"
            },
            {
              "name": "ADV-2008-3458",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3458"
            },
            {
              "name": "50863",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/50863"
            },
            {
              "name": "32748",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32748"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-6903",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a \"fuzzed\" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html",
                  "refsource": "MISC",
                  "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08015.html"
                },
                {
                  "name": "33177",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33177"
                },
                {
                  "name": "http://www.sophos.com/support/knowledgebase/article/50611.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.sophos.com/support/knowledgebase/article/50611.html"
                },
                {
                  "name": "1021476",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021476"
                },
                {
                  "name": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html",
                  "refsource": "MISC",
                  "url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
                },
                {
                  "name": "20081210 [IVIZ-08-015] Sophos Antivirus for Linux vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=122893252316489\u0026w=2"
                },
                {
                  "name": "ADV-2008-3458",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3458"
                },
                {
                  "name": "50863",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/50863"
                },
                {
                  "name": "32748",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32748"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-6903",
        "datePublished": "2009-08-06T00:00:00.000Z",
        "dateReserved": "2009-08-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:49:02.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }