PT-2009-2372 · Sophos · Sophos Small Business Solutions

Jonathan Brossard · Published 2009-08-06 · Updated 2009-08-19 · CVE-2008-6903

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions:

Sophos Anti-Virus for Windows versions prior to 7.6.3
Sophos Anti-Virus for Windows NT/9x versions prior to 4.7.18
Sophos Anti-Virus for OS X versions prior to 4.9.18
Sophos Anti-Virus for Linux versions prior to 6.4.5
Sophos Anti-Virus for UNIX versions prior to 7.0.5
Sophos Anti-Virus for Unix and Netware versions prior to 4.37.0
Sophos EM Library (affected versions not specified)
Sophos small business solutions (affected versions not specified)

Description: The issue allows remote attackers to cause a denial of service via a "fuzzed" CAB archive file. This can be demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats. The problem occurs when CAB archive scanning is enabled.

Recommendations:

For Sophos Anti-Virus for Windows versions prior to 7.6.3, update to version 7.6.3 or later.
For Sophos Anti-Virus for Windows NT/9x versions prior to 4.7.18, update to version 4.7.18 or later.
For Sophos Anti-Virus for OS X versions prior to 4.9.18, update to version 4.9.18 or later.
For Sophos Anti-Virus for Linux versions prior to 6.4.5, update to version 6.4.5 or later.
For Sophos Anti-Virus for UNIX versions prior to 7.0.5, update to version 7.0.5 or later.
For Sophos Anti-Virus for Unix and Netware versions prior to 4.37.0, update to version 4.37.0 or later.
For Sophos EM Library and Sophos small business solutions, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related Identifiers

CVE-2008-6903

Affected Products

Sophos Anti-Virus for Linux
Sophos Anti-Virus for OS X
Sophos Anti-Virus for Unix
Sophos Anti-Virus for Unix/Netware
Sophos Anti-Virus for Windows
Sophos Anti-Virus for Windows NT/9x
Sophos EM Library
Sophos Small Business Solutions