Remote Bypass and Denial of Service in Sophos PureMessage for Microsoft Exchange
CVE-2008-7106

Currently unrated

Key Information:

Vendor
Sophos
Status
Puremessage For Microsoft Exchange
Vendor
CVE Published:
27 August 2009

Summary

The Sophos PureMessage for Microsoft Exchange version 3.0 and earlier does not properly initiate its scanning engines during heavy system loads. This failure can lead to potential exploitation, where attackers may bypass the intended scanner protections, resulting in possible message loss or delays due to a denial of service scenario. The vulnerability exists in configurations where both anti-virus and anti-spam capabilities are enabled.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/52926
vdb-entryx_refsource_XF
http://www.sophos.com/support/knowledgebase/article/44385...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.