Sophos


Sophos Anti-Virus: scanning vulnerability identified

An issue has been discovered in the Sophos scanning engine.

The issue lies in the parsing of CPIO archives: a crafted filename inside such an archive could cause a buffer overflow, which could in theory allow arbitrary code to be executed with the privileges of the scanning engine. There are no known exploits at the time of writing.

All versions of Sophos Anti-Virus running the 2.40 virus engine no longer have this vulnerability.

The CVE number for this issue is CVE-2006-6335.

Sophos would like to thank an anonymous researcher working with TippingPoint and the Zero Day Initiative for reporting this issue.

Technical information

Buffer overflows are caused by program bugs. They are exploited by sending a program more data than it expects. If the program does not check the amount of data against the space it has reserved, it will copy in more than fits. The extra bytes overwrite adjacent memory that the program is using for other purposes, such as other variables or the saved return address of the current function, which is how an overflow can be turned into code execution. As an analogy, imagine that you are asked to check through 10 pages of a contract, and then to approve the contract by signing each page. Now imagine that you check carefully through the first 10 pages, but then blindly sign the bottom of all the pages you were given. If unscrupulous lawyers had prepared 12 pages instead of the 10 they asked you to check, you would have agreed to more than you intended.
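The following is an added illustration and is not Sophos code; the real engine's parser is not public and the snippet does not reproduce it. It shows the general shape of the bug described above using the standard CPIO "newc" header, in which the archive itself states the length of the filename that follows in an 8-character hex field. A parser that trusts that field and copies the name into a fixed-size buffer (name_unchecked) overflows when the field lies; the bounded version (name_checked) rejects names that do not fit in the destination or in the data actually present. The 64-byte destination, the status codes and the build_entry helper that constructs sample archives in memory are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NEWC_MAGIC   "070701"   /* ASCII magic of the "newc" CPIO format */
#define NEWC_HDR_LEN 110        /* 6-byte magic + 13 fields of 8 hex chars */
#define NAMESIZE_OFF 94         /* offset of the namesize field in the header */
#define NAME_BUF     64         /* fixed destination buffer size (assumption) */

enum cpio_status { CPIO_OK = 0, CPIO_BAD_MAGIC, CPIO_TRUNCATED, CPIO_NAME_TOO_LONG };

/* Decode one 8-character ASCII hex field; -1 if any character is not hex. */
static int hex8(const uint8_t *p, uint32_t *out)
{
    uint32_t v = 0;
    for (int i = 0; i < 8; i++) {
        int c = p[i], d;
        if (c >= '0' && c <= '9')      d = c - '0';
        else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') d = c - 'A' + 10;
        else return -1;
        v = (v << 4) | (uint32_t)d;
    }
    *out = v;
    return 0;
}

/* VULNERABLE: copies exactly as many bytes as the archive claims. A namesize
 * larger than NAME_BUF overwrites whatever sits after 'name' on the stack, and
 * a namesize larger than the remaining input reads past the end of 'buf'. */
enum cpio_status name_unchecked(const uint8_t *buf, size_t len, char name[NAME_BUF])
{
    uint32_t namesize;
    if (len < NEWC_HDR_LEN || memcmp(buf, NEWC_MAGIC, 6) != 0) return CPIO_BAD_MAGIC;
    if (hex8(buf + NAMESIZE_OFF, &namesize) < 0) return CPIO_BAD_MAGIC;
    memcpy(name, buf + NEWC_HDR_LEN, namesize);   /* no bound on namesize */
    return CPIO_OK;
}

/* HARDENED: the claimed length is checked against both the destination buffer
 * and the bytes actually present before anything is copied. */
enum cpio_status name_checked(const uint8_t *buf, size_t len, char name[NAME_BUF])
{
    uint32_t namesize;
    if (len < NEWC_HDR_LEN) return CPIO_TRUNCATED;
    if (memcmp(buf, NEWC_MAGIC, 6) != 0) return CPIO_BAD_MAGIC;
    if (hex8(buf + NAMESIZE_OFF, &namesize) < 0) return CPIO_BAD_MAGIC;
    if (namesize == 0 || namesize > NAME_BUF) return CPIO_NAME_TOO_LONG;
    if (namesize > len - NEWC_HDR_LEN) return CPIO_TRUNCATED;
    memcpy(name, buf + NEWC_HDR_LEN, namesize);
    name[namesize - 1] = '\0';   /* namesize includes the NUL; enforce it regardless */
    return CPIO_OK;
}

/* Construct a single newc entry in memory (sample input, not a real archive):
 * all numeric fields zero except namesize, which is set to 'claimed_namesize'
 * so the header can be made to lie about the name that actually follows. */
size_t build_entry(uint8_t *out, size_t outsz, const char *name, uint32_t claimed_namesize)
{
    size_t real  = strlen(name) + 1;                         /* name plus NUL */
    size_t total = (NEWC_HDR_LEN + real + 3) & ~(size_t)3;   /* pad to 4 bytes */
    char field[9];
    if (total > outsz) return 0;
    memset(out, '0', NEWC_HDR_LEN);
    memcpy(out, NEWC_MAGIC, 6);
    snprintf(field, sizeof field, "%08x", claimed_namesize);
    memcpy(out + NAMESIZE_OFF, field, 8);
    memset(out + NEWC_HDR_LEN, 0, total - NEWC_HDR_LEN);
    memcpy(out + NEWC_HDR_LEN, name, real);
    return total;
}

static char g_name[NAME_BUF];

/* Build an entry with the given claimed namesize and run the bounded parser. */
enum cpio_status run_case(const char *name, uint32_t claimed_namesize)
{
    uint8_t entry[256];
    size_t n = build_entry(entry, sizeof entry, name, claimed_namesize);
    memset(g_name, 0, sizeof g_name);
    return n ? name_checked(entry, n, g_name) : CPIO_TRUNCATED;
}

const char *last_name(void) { return g_name; }

int main(void)
{
    uint8_t entry[256];
    char name[NAME_BUF];
    size_t n = build_entry(entry, sizeof entry, "hello.txt", 10);
    /* Honest header: both parsers agree. */
    printf("unchecked, honest: %d\n", name_unchecked(entry, n, name));
    printf("checked,   honest: %d (%s)\n", run_case("hello.txt", 10), last_name());
    /* Lying headers: only the bounded parser is safe to call on these. */
    printf("checked, namesize > buffer: %d\n", run_case("hello.txt", 0x1000));
    printf("checked, namesize > input:  %d\n", run_case("hello.txt", 60));
    return 0;
}
```

The two rejected cases are distinct: 0x1000 fails because it exceeds the destination buffer, while 60 fits the buffer but exceeds the ten bytes of name data actually present, which is the over-read half of the same class of bug. Both checks must run before the copy; checking after it is the "signing page 12" mistake in the analogy.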

If you need more information or guidance, then please contact technical support.