Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Cisco Security Advisory: Cisco Ironport Appliances Sophos Anti-virus Vulnerabilities
From: Cisco Systems Product Security Incident Response Team <psirt () cisco com>
Date: Thu, 8 Nov 2012 22:15:25 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Ironport Appliances Sophos Anti-virus Vulnerabilities

Advisory ID: cisco-sa-20121108-sophos

Revision 1.0

For Public Release 2012 November 9 03:00  UTC (GMT)
- ----------------------------------------------------------------------

Summary
=======

Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Web
Security Appliances (WSA) include versions of Sophos Anti-Virus that
contain multiple vulnerabilities that could allow an unauthenticated,
remote attacker to gain control of the system, escalate privileges, or
cause a denial-of-service (DoS) condition. An attacker could exploit
these vulnerabilities by sending malformed files to an appliance that
is running Sophos Anti-Virus. The malformed files could cause the
Sophos antivirus engine to behave unexpectedly.

As updates that address these vulnerabilities become available from
Sophos, Cisco is working to qualify and automatically provision them
through the Cisco Ironport ESA and WSA platforms.

A workaround that mitigates these vulnerabilities is available. This
advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121108-sophos 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAlCcc5kACgkQUddfH3/BbToP4gD9EAi0HThOKyN0FiypwUcOmL8Y
b99aEPPaiqLIhNwifncA/2ijY0H+wz0TPPBbTywNoXjlgor+1AZqzzIXEOEndiMf
=6YeL
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Cisco Security Advisory: Cisco Ironport Appliances Sophos Anti-virus Vulnerabilities Cisco Systems Product Security Incident Response Team (Nov 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]