Vulnerability Description
Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, cause a denial of service (resource consumption, CPU consumption, and eventual crash) or spoof "ready for update" messages by performing certain operations on mutexes or events including (1) DataUpdateRequest, (2) MmfMutexSAV-****, (3) MmfMutexSAV-Info, (4) ReadyForUpdateSAV-****, (5) ReadyForUpdateSAV-Info, (6) SAV-****, (7) SAV-Info, (8) StateChange, (9) SuspendedSAV-****, (10) SuspendedSAV-Info, (11) UpdateComplete, (12) UpdateMutex, (13) UpdateRequest, or (14) SophosALMonSessionInstance, as demonstrated by triggering a ReadyForUpdateSAV event and modifying the UpdateComplete, UpdateMutex, and UpdateRequest objects.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sophos | Scanning Engine | <= 3.48 |
| Sophos | Sophos Anti-Virus | 10.0.11 |
Related Weaknesses (CWE)
References
- http://osvdb.org/102762
- http://packetstormsecurity.com/files/125024/Sophos-Anti-Virus-Denial-Of-Service.
- http://seclists.org/fulldisclosure/2014/Feb/1
- http://www.portcullis-security.com/security-research-and-downloads/security-advi
- http://www.securityfocus.com/archive/1/530915/100/0/threaded
- http://www.securityfocus.com/bid/65286
- http://www.securitytracker.com/id/1029713
- http://www.sophos.com/en-us/support/knowledgebase/2300/7200/1031/120401.aspx
FAQ
What is CVE-2014-1213?
CVE-2014-1213 is a vulnerability with a CVSS score of 5.6 (MEDIUM). Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, whic...
How severe is CVE-2014-1213?
CVE-2014-1213 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-1213?
Check the references section above for vendor advisories and patch information. Affected products include Sophos Scanning Engine and Sophos Anti-Virus.