# Sophos Anti-Virus DOS Device Name Handling Vulnerability (Moderately critical)



## jgvernonco (Sep 13, 2003)

Sophos Anti-Virus DOS Device Name Handling Vulnerability

SECUNIA ADVISORY ID:
SA12622

VERIFY ADVISORY:
http://secunia.com/advisories/12622/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
Sophos Anti-Virus 3.x
http://secunia.com/product/164/

DESCRIPTION:
Kurt Seifried has reported a vulnerability in Sophos Anti-Virus,
which can be exploited by malware to bypass the scanning
functionality.

The vulnerability is caused due to an error within the handling of
files and directories with reserved DOS device names and can be
exploited by including malware in a file or directory with such a
name (e.g. "prn" or "aux").

Reportedly, successful exploitation causes malware to not be detected
by the email scanning and real-time protection functionality.

SOLUTION:
The vulnerability will reportedly be fixed in the upcoming version
3.86.

PROVIDED AND/OR DISCOVERED BY:
Kurt Seifried

ORIGINAL ADVISORY:
http://www.idefense.com/application/poi/display?id=143&type=vulnerabilities


----------

