CVE-2005-1530

Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://securitytracker.com/id?1014488
http://www.idefense.com/application/poi/display?id=283&type=vulnerabilities&flashstatus=true	Patch Vendor Advisory
http://www.securityfocus.com/bid/14270	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/21373

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sophos:sophos_anti-virus:3.4.6:::::::*
	cpe:2.3:a:sophos:sophos_anti-virus:3.78:::::::*
	cpe:2.3:a:sophos:sophos_anti-virus:3.78d:::::::*
	cpe:2.3:a:sophos:sophos_anti-virus:3.79:::::::*
	cpe:2.3:a:sophos:sophos_anti-virus:3.80:::::::*
	cpe:2.3:a:sophos:sophos_anti-virus:3.81:::::::*
	cpe:2.3:a:sophos:sophos_anti-virus:3.82:::::::*
	cpe:2.3:a:sophos:sophos_anti-virus:3.83:::::::*
	cpe:2.3:a:sophos:sophos_anti-virus:3.84:::::::*
	cpe:2.3:a:sophos:sophos_anti-virus:3.85:::::::*
	cpe:2.3:a:sophos:sophos_anti-virus:3.86:::::::*
	cpe:2.3:a:sophos:sophos_anti-virus:3.90:::::::*
	cpe:2.3:a:sophos:sophos_anti-virus:3.91:::::::*
	cpe:2.3:a:sophos:sophos_anti-virus:5.0.1:::::::*
	cpe:2.3:a:sophos:sophos_mailmonitor:2.0:::::::*
	cpe:2.3:a:sophos:sophos_mailmonitor:2.1:::::::*
	cpe:2.3:a:sophos:sophos_mailmonitor_for_notes_domino::::::::
	cpe:2.3:a:sophos:sophos_puremessage_anti-virus:4.6:::::::*
	cpe:2.3:a:sophos:sophos_small_business_suite:1.0:::::::*

History

No history.

Information

Published : 2005-07-19 04:00

Updated : 2024-02-28 10:42

NVD link : CVE-2005-1530

Mitre link : CVE-2005-1530

CVE.ORG link : CVE-2005-1530

JSON object : View

Products Affected

sophos

sophos_mailmonitor
sophos_puremessage_anti-virus
sophos_small_business_suite
sophos_anti-virus
sophos_mailmonitor_for_notes_domino

CWE

NVD-CWE-Other

{"id": "CVE-2005-1530", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-07-19T04:00:00.000", "references": [{"url": "http://securitytracker.com/id?1014488", "source": "cve@mitre.org"}, {"url": "http://www.idefense.com/application/poi/display?id=283&type=vulnerabilities&flashstatus=true", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/14270", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21373", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Sophos Anti-Virus 5.0.1, with \"Scan inside archive files\" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value."}, {"lang": "es", "value": "Sophos Anti-Virus 5.0.1, con \"Scan inside archive files\" habilitado permite que atacantes remotos causen una denegaci\u00f3n de servicio (agotamiento de CPU por bucle infinito) mediante un archivo Bzip2 con un valor largo en \"Extra field length\"."}], "lastModified": "2017-07-11T01:32:41.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:3.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22A1739A-B77D-4CD6-9943-52B336EC2F22"}, {"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:3.78:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40D4EB83-A8A4-48F2-A835-FA192ADB3BFD"}, {"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:3.78d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1609D51F-41D1-441C-9EA8-3F0510D8ED8D"}, {"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:3.79:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3ABBFB36-0A7C-45ED-9907-867F31884113"}, {"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:3.80:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23543D87-E4B6-4B74-A490-378D45AA3481"}, {"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:3.81:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4DBC8E3-0344-413A-8C4A-F48CBAAFAB91"}, {"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:3.82:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28C3AD19-26F4-4AFF-8207-86017509EECC"}, {"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:3.83:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EFC7217-88A6-4241-8FD9-4B7E2683F696"}, {"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:3.84:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDC8C9FC-9D35-455D-9597-3B2E63845B10"}, {"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:3.85:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E07255F9-5726-4FDB-81A3-D0D55AD1F709"}, {"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:3.86:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD1A8D69-0A33-4F47-B1BA-8BC898A3E7EF"}, {"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:3.90:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06164FCF-CC47-406D-8561-DDA797B29673"}, {"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:3.91:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A323A588-59DD-4D89-A224-A6FF7BBD7B37"}, {"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0756438F-DD69-4213-9069-FA613A5D729E"}, {"criteria": "cpe:2.3:a:sophos:sophos_mailmonitor:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95FA3B01-F58C-45EB-9961-0A9BB8F6FE69"}, {"criteria": "cpe:2.3:a:sophos:sophos_mailmonitor:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB699D72-7E6D-460C-AA5F-8BF9C4D4B196"}, {"criteria": "cpe:2.3:a:sophos:sophos_mailmonitor_for_notes_domino:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FF0468B-81CF-484F-88C4-5F0E6CA8C4A7"}, {"criteria": "cpe:2.3:a:sophos:sophos_puremessage_anti-virus:4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1760B35D-15A5-413B-8C04-4A3668821ACD"}, {"criteria": "cpe:2.3:a:sophos:sophos_small_business_suite:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28059D6E-6505-408B-81FE-9B91FC9AE849"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}