On November 5th, 2012, a security researcher published a list of vulnerabilities related to Sophos Anti-virus. Since LBNL relies on Sophos as our primary anti-virus software, this disclosure has the potential to affect the Lab. This page documents the current status of this issue at LBNL.

Nov 7th 2012:

  • Sophos 10.2 for Windows, which contains fixes to many of the vulnerabilities, is being rolled out to the Lab. Sophos 8.08 for the Mac, which contains fixes to many of the vulnerabilities, is being actively rolled out by Sophos. 

Nov 6th 2012:

Cyber Security believes that while this is an important issue, its overall effect on us is not very drastic; in fact, there has been none so far. This may change, however, with the publication of a new exploit, etc. We continue to evaluate the situation.

Nov 5th, 2012: 

Cyber Security has been aware of the disclosure of these vulnerabilities related to Sophos Anti-virus software. We are in touch with the Sophos support team and are keeping an eye on various bulletins to continuously assess the situation.

  • Sophos has patched seven of these vulnerabilities already
  • Sophos plans to address the remaining one(s) by Nov 28th.

Cyber Security is of the opinion that the currently published exploit in the full-disclosure email is not 'wormable':

  • The current delivery mechanism is a link in an email, which limits propagation.
  • No other exploits for different flavors of operating systems are known to exist so far.
  • We also haven't heard from any other source that these vulnerabilities are being actively exploited.

We continue to monitor and assess the situation, including keeping in contact with Sophos Support, monitoring various feeds and forums, etc.

Some links with relevant detailed information:

Original full-disclosure Advisory: http://lists.grok.org.uk/pipermail/full-disclosure/2012-November/088813.html

Sophos Response: http://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/

Another critique of the full-disclosure advisory, arguing that the vulnerabilities are not easily exploitable:
http://anti-virus-rants.blogspot.com/2011/08/tavis-ormandys-sophail-presentation.html