Denial of Service Vulnerability in Sophos Email Appliance and Anti-Virus
CVE-2008-3177

Currently unrated

Key Information:

Vendor: Sophos
Status: Es1000; Es4000; Sophos Anti-virus; Sophos Puremessage Anti-virus
Vendor: CVE Published:; 15 July 2008

Summary

The Sophos virus detection engine version 2.75, utilized in several Sophos products such as the Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), is susceptible to a denial of service attack. This vulnerability arises when an attacker sends a specially crafted email containing zero-length MIME attachments, which can lead the engine to crash. Exploiting this flaw can disrupt service and compromise the functionality of affected systems.

References

http://www.securitytracker.com/id?1020462

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/30110

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2008/2053/references

vdb-entryx_refsource_VUPEN

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 15, 2008
Vulnerability Reserved
Jul 15, 2008