Denial of Service Vulnerability in Sophos Anti-Virus Engine
CVE-2014-1213

Currently unrated

Key Information:

Vendor: Sophos
Status: Sophos Anti-virus; Scanning Engine
Vendor: CVE Published:; 10 February 2014

Summary

A vulnerability in the Sophos Anti-Virus engine (SAVi) allows local users to disrupt anti-virus protection. The issue arises from improper access controls on certain global and session objects, permitting unauthorized operations which can lead to significant resource exhaustion. This can cause incidents like denial of service, CPU consumption spikes, or technical glitches that impersonate system update readiness. Key objects affected include various mutexes and events related to data updates, indicating serious implications for system stability.

References

http://www.sophos.com/en-us/support/knowledgebase/2300/72...

x_refsource_CONFIRM

http://packetstormsecurity.com/files/125024/Sophos-Anti-V...

x_refsource_MISC

http://www.securityfocus.com/archive/1/530915/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Feb 10, 2014
Vulnerability Reserved
Jan 7, 2014