Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 APP:MISC:SOPHOS-WEBAPP-RCE

Severity

 Critical

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 Sophos Web Protection Appliance Sblistpack Arbitrary Command Execution

Release Date

 2013/11/26

Update Number

 2322

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Sophos Web Protection Appliance Sblistpack Arbitrary Command Execution


This signature detects attempts to exploit a known vulnerability against Sophos Web Protection. A successful attack can lead to arbitrary code execution

Extended Description

The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.

Affected Products

  • Sophos web_appliance 3.0.0
  • Sophos web_appliance 3.0.1
  • Sophos web_appliance 3.0.1.1
  • Sophos web_appliance 3.0.2
  • Sophos web_appliance 3.0.3
  • Sophos web_appliance 3.0.4
  • Sophos web_appliance 3.0.5
  • Sophos web_appliance 3.0.5.1
  • Sophos web_appliance 3.1.0
  • Sophos web_appliance 3.1.0.1
  • Sophos web_appliance 3.1.1
  • Sophos web_appliance 3.1.2
  • Sophos web_appliance 3.1.3
  • Sophos web_appliance 3.1.4
  • Sophos web_appliance 3.2.1
  • Sophos web_appliance 3.2.2
  • Sophos web_appliance 3.2.2.1
  • Sophos web_appliance 3.2.3
  • Sophos web_appliance 3.2.4
  • Sophos web_appliance 3.2.5
  • Sophos web_appliance 3.2.6
  • Sophos web_appliance 3.2.7
  • Sophos web_appliance 3.3.0
  • Sophos web_appliance 3.3.1
  • Sophos web_appliance 3.3.2
  • Sophos web_appliance 3.3.3
  • Sophos web_appliance 3.3.3.1
  • Sophos web_appliance 3.3.4
  • Sophos web_appliance 3.3.5
  • Sophos web_appliance 3.3.5.1
  • Sophos web_appliance 3.3.6
  • Sophos web_appliance 3.3.6.1
  • Sophos web_appliance 3.4.0
  • Sophos web_appliance 3.4.1
  • Sophos web_appliance 3.4.2
  • Sophos web_appliance 3.4.3
  • Sophos web_appliance 3.4.3.1
  • Sophos web_appliance 3.4.4
  • Sophos web_appliance 3.4.5
  • Sophos web_appliance 3.4.6
  • Sophos web_appliance 3.4.7
  • Sophos web_appliance 3.4.8
  • Sophos web_appliance 3.5.0
  • Sophos web_appliance 3.5.1
  • Sophos web_appliance 3.5.1.1
  • Sophos web_appliance 3.5.1.2
  • Sophos web_appliance 3.5.2
  • Sophos web_appliance 3.5.3
  • Sophos web_appliance 3.5.4
  • Sophos web_appliance 3.5.5
  • Sophos web_appliance 3.5.6
  • Sophos web_appliance 3.6.1
  • Sophos web_appliance 3.6.1.1
  • Sophos web_appliance 3.6.2
  • Sophos web_appliance 3.6.2.1
  • Sophos web_appliance 3.6.2.3
  • Sophos web_appliance 3.6.2.4.0
  • Sophos web_appliance 3.6.2.4.1
  • Sophos web_appliance 3.6.3
  • Sophos web_appliance 3.6.4
  • Sophos web_appliance 3.6.4.1
  • Sophos web_appliance 3.6.4.2
  • Sophos web_appliance 3.7.0
  • Sophos web_appliance 3.7.1
  • Sophos web_appliance 3.7.2
  • Sophos web_appliance 3.7.3
  • Sophos web_appliance 3.7.4
  • Sophos web_appliance 3.7.5
  • Sophos web_appliance 3.7.6
  • Sophos web_appliance 3.7.7
  • Sophos web_appliance 3.7.8
  • Sophos web_appliance 3.7.8.1
  • Sophos web_appliance 3.7.8.2
  • Sophos web_appliance 3.7.9
  • Sophos web_appliance 3.8.0
  • Sophos web_appliance 3.8.1

References

  • BugTraq: 62263
  • CVE: CVE-2013-4984
  • CVE: CVE-2013-4983
  • URL: http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out