Cisco IronPort Appliances Sophos Anti-Virus Vulnerabilities (cisco-sa-20121108-sophos)

high Nessus Plugin ID 70125

Synopsis

The remote device uses an antivirus program that is affected by multiple vulnerabilities.

Description

The remote Cisco IronPort appliance has a version of the Sophos Anti-Virus engine that is 3.2.07.352_4.80 or earlier. It is, therefore, reportedly affected by the following vulnerabilities:

- An integer overflow exists when parsing Visual Basic 6 controls.

- A memory corruption issue exists in the Microsoft CAB parsers.

- A memory corruption issue exists in the RAR virtual machine standard filters.

- A privilege escalation vulnerability exists in the network update service.

- A stack-based buffer overflow issue exists in the PDF file decrypter.

An unauthenticated, remote attacker could leverage these issues to gain control of the system, escalate privileges, or cause a denial of service.

Solution

Update to Sophos engine version 3.2.07.363_4.83 as discussed in Cisco Security Advisory cisco-sa-20121108-sophos.

See Also

https://lock.cmpxchg8b.com/sophailv2.pdf

http://www.sophos.com/en-us/support/knowledgebase/118424.aspx

http://www.nessus.org/u?a16e77af

Plugin Details

Severity: High

ID: 70125

File Name: cisco-sa-20121108-sophos.nasl

Version: 1.14

Type: local

Family: CISCO

Published: 9/25/2013

Updated: 11/27/2023

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.7

Temporal Score: 7.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:P

Vulnerability Information

CPE: cpe:/h:cisco:email_security_appliance, cpe:/h:cisco:web_security_appliance, cpe:/a:sophos:sophos_anti-virus

Required KB Items: Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 11/13/2012

Vulnerability Publication Date: 11/5/2012

Reference Information

BID: 56401

CERT: 662243

CISCO-SA: cisco-sa-20121108-sophos

IAVA: 2012-A-0203-S

CISCO-BUG-ID: CSCud10546, CSCud10556