Vigil@nce - Sophos Anti-Virus: denial of service via Object
February 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can interact with objects of Sophos Anti-Virus,
in order to trigger a denial of service.
Impacted products: Sophos AV
Severity: 1/4
Creation date: 03/02/2014
DESCRIPTION OF THE VULNERABILITY
The Windows Object Manager is used to access to all system objects:
\BaseNamedObjects (mutex, timer, etc.)
\Drivers
\FileSystem
etc.
The Sophos antivirus uses several objects:
$$!_EVENT_$!__...
SAV-****
SAV-Info
SophosALMonSessionInstance
However, ACLs are not set for these objects.
A local attacker can therefore interact with objects of Sophos
Anti-Virus, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Sophos-Anti-Virus-denial-of-service-via-Object-14166