CVE-2006-6335

Sophos Anti-Virus SIT Archive Parsing Buffer Overflow Vulnerability

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll.

Múltiples desbordamientos de búfer en el motor de escaneo Sophos Anti-Virus en versiones anteriores a la 2.40 permiten a atacantes remotos ejecutar código de su elección a través de (1) un archivo SIT con nombre de fichero largo que no termina en nulo, que dispara un desbordamiento basado en pila en el veex.dll debido a un cálculo de longitud inapropiada y (2) archivo CPIO, con un nombre de fichero largo que no termina en nulo, que dispara un desbordamiento basado en pila en el veex.dll.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Anti-Virus.
The specific flaw exists in the parsing of SIT archives. When a long non-null terminated filename is processed by veex.dll, a heap overflow occurs due to the miscalculation of the string's actual size. Exploitation is possible leading to remote code execution running under the SYSTEM context.

*Credits: Anonymous

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-12-06 CVE Reserved
2006-12-12 CVE Published
2023-09-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (11)

URL	Tag	Source
http://secunia.com/advisories/23325	Third Party Advisory
http://www.securityfocus.com/archive/1/454197/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/454211/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/21563	Vdb Entry
http://www.vupen.com/english/advisories/2006/4919	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/30851	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/30852	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://www.zerodayinitiative.com/advisories/ZDI-06-045.html	2018-10-17
http://www.zerodayinitiative.com/advisories/ZDI-06-046.html	2018-10-17

URL	Date	SRC
http://www.sophos.com/support/knowledgebase/article/17340.html	2018-10-17
http://www.sophos.com/support/knowledgebase/article/21637.html	2018-10-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sophos Search vendor "Sophos"		Sophos Anti-virus Search vendor "Sophos" for product "Sophos Anti-virus"				<= 2.3 Search vendor "Sophos" for product "Sophos Anti-virus" and version " <= 2.3"		-		Affected