Sophos Antivirus Library Remote Heap Overflow ?

Richard Siddall richard.siddall at ELIRION.NET
Tue Aug 30 14:53:36 IST 2005

Darrin Powell wrote:
> Thanks, Richard
> I need to pay closer attention to the list :)
> Darrin


There was an update on the BugTraq list 
(mailto:bugtraq-subscribe at yesterday in response to 
the message I quoted:

> You are partially correct. Prior to this advisory, Sophos & rem0te
> agreed to w/hold details until all fixes were available (August
> 26th). The Sophos link you provided below does not disclose any
> details of the vulnerability - only the patch - which leaves a lot of
> people guessing about the actual vulnerability details.
> It's also important to note there are many large 3rd party vendors
> that sublicense this library who should apply patches to their
> customer installations. It will be interesting to see how many of
> these 3rd parties issue advisories to their users.

So it sounds like you need a more recent update than the August 5th one.


	Richard Siddall

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list