TITLE:
Sophos Products CAB Archive Handling Security Bypass

SECUNIA ADVISORY ID:
SA35467

VERIFY ADVISORY:
http://secunia.com/advisories/35467/

DESCRIPTION:
A weakness has been reported in various Sophos products, which can be exploited by malware to bypass the scanning functionality.

The weakness is caused by an error in the handling of CAB file archives, which can be exploited to bypass the anti-virus scanning functionality via specially crafted archive files.

The weakness is reported in the following products and versions:
* Sophos Anti-Virus for Windows 2000+ (version 7.6.7 and earlier)
* Sophos Anti-Virus for Windows NT/95/98 (version 4.7.22 and earlier)
* Sophos Anti-Virus for OS X (version 4.9.22/7.01 and earlier)
* Sophos Anti-Virus for UNIX (versions 7.0.9 and earlier/4.41.9 and earlier)
* Sophos Anti-Virus for Linux (version 6.6.2 and earlier)
* Sophos Anti-Virus for Netware (version 4.41.9 and earlier)
* Sophos Email Appliance (version 3.1.3.1 and earlier)
* Sophos Web Appliance (version 2.1.18 and earlier)
* PureMessage for UNIX (version 5.5.4 and earlier)

SOLUTION:
Update to the latest versions or update the virus engine to version 2.87.1 or later.
* Sophos Anti-Virus for Windows 2000+ 7.6.8
* Sophos Anti-Virus for Windows NT/95/98 4.7.23
* Sophos Anti-Virus for OS X 4.9.23/7.02
* Sophos Anti-Virus for Linux 6.6.3
* Sophos Anti-Virus for UNIX 7.0.10
* Sophos Anti-Virus for Unix and Netware 4.42.0
* Sophos Email Appliance 3.1.4.1
* Sophos Web Appliance 3.0.0
* PureMessage for UNIX 5.5.5

NOTE: Users of the latest versions of Sophos Anti-Virus and PureMessage for Microsoft Exchange will have received these updates automatically between 20th and 28th May 2009. Users of the Sophos Web and Email Appliances and PureMessage for UNIX were automatically updated between 20th May and 9th June 2009.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Thierry Zoller (G-SEC).

ORIGINAL ADVISORY:
http://www.sophos.com/support/knowledgebase/article/59992.html