Vulnerability Name:

CVE-2006-5645 (CCN-29920)

Assigned:2006-10-27
Published:2006-10-27
Updated:2018-10-17
Summary:Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2006-5645

Source: IDEFENSE
Type: UNKNOWN
20061208 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability

Source: CCN
Type: SA22591
Sophos Anti-Virus RAR and CHM Denial of Service Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
22591

Source: CCN
Type: SECTRACK ID: 1017132
Sophos Anti-Virus Bugs in Processing Petite Archives, RAR Archives, and CHM Files Let Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1017132

Source: CCN
Type: SECTRACK ID: 1018450
eTrust Antivirus Bugs in Arclib Library Let Remote Users Deny Service

Source: BUGTRAQ
Type: UNKNOWN
20070726 RE: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities

Source: BID
Type: UNKNOWN
20816

Source: CCN
Type: BID-20816
Sophos Antivirus Multiple Denial of Service and Memory Corruption Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1018450

Source: CCN
Type: Sophos Support Knowledgebase Article 17609
Advisory: Vulnerabilities reported by iDefense

Source: CONFIRM
Type: UNKNOWN
http://www.sophos.com/support/knowledgebase/article/7609.html

Source: VUPEN
Type: Vendor Advisory
ADV-2006-4239

Source: XF
Type: UNKNOWN
sophos-rar-dos(29920)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 12.08.06
Multiple Vendor Antivirus RAR File Denial of Service Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sophos:anti-virus:4.04:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:anti-virus:4.05:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:anti-virus:4.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:anti-virus:4.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:anti-virus:4.5.11:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:anti-virus:4.5.12:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:anti-virus:4.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:anti-virus:4.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:anti-virus:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:anti-virus:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:anti-virus:5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:anti-virus:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:anti-virus:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:anti-virus:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:anti-virus:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:endpoint_security:*:*:*:*:*:*:*:* (Version <= 6.04)

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2006-5645 (CCN-35572)

    Assigned:2006-11-01
    Published:2007-07-24
    Updated:2007-07-24
    Summary:Multiple CA applications are vulnerable to a denial of service, caused by an error in the Arclib library. By persuading a victim to scan a specially-crafted RAR archive with head_size and pack_size fields set to zero, a remote attacker could cause the scanning engine to enter an infinite loop, resulting in a denial of service.
    CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
    1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Denial of Service
    References:Source: MITRE
    Type: CNA
    CVE-2006-5645

    Source: CCN
    Type: SA22591
    Sophos Anti-Virus RAR and CHM Denial of Service Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1017132
    Sophos Anti-Virus Bugs in Processing Petite Archives, RAR Archives, and CHM Files Let Remote Users Deny Service

    Source: CCN
    Type: SECTRACK ID: 1018450
    eTrust Antivirus Bugs in Arclib Library Let Remote Users Deny Service

    Source: CCN
    Type: CA SupportConnect July 24th, 2007
    Security Notice for CA products containing Arclib

    Source: CCN
    Type: BID-20816
    Sophos Antivirus Multiple Denial of Service and Memory Corruption Vulnerabilities

    Source: XF
    Type: UNKNOWN
    ca-arclib-rar-dos(35572)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:brightstor_arcserve_backup:11.0:*:windows:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_nsm:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_nsm:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_2007:3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_intrusion_detection:2.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_internet_security_suite:1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_internet_security_suite:2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:3:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager:8:*:enterprise:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:2:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:anti-virus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:antivirus_sdk:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:antispyware_for_the_enterprise:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:antispyware_for_the_enterprise:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-spyware:2007:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:brightstor_arcserve_client:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sophos anti-virus 4.04
    sophos anti-virus 4.05
    sophos anti-virus 4.5.3
    sophos anti-virus 4.5.4
    sophos anti-virus 4.5.11
    sophos anti-virus 4.5.12
    sophos anti-virus 4.7.1
    sophos anti-virus 4.7.2
    sophos anti-virus 5.0.1
    sophos anti-virus 5.0.2
    sophos anti-virus 5.0.4
    sophos anti-virus 5.1
    sophos anti-virus 5.2
    sophos anti-virus 5.2.1
    sophos anti-virus 6.0.4
    sophos endpoint security *
    ca etrust ez armor 2.0
    ca etrust ez antivirus 6.1
    ca etrust ez antivirus 7.0
    ca brightstor arcserve backup 11.0
    ca etrust intrusion detection 3.0
    ca etrust antivirus gateway 7.1
    ca unicenter nsm 3.0
    ca unicenter nsm 3.1
    ca brightstor arcserve backup 11.1
    ca brightstor arcserve backup 11.5
    ca brightstor arcserve backup 9.01
    ca internet security suite 2007 3
    ca brightstor arcserve backup 10.5
    ca etrust intrusion detection 3.0 sp1
    ca etrust intrusion detection 2.0 sp1
    ca anti-virus for the enterprise 8
    ca anti-virus for the enterprise 8.1
    ca etrust internet security suite 1
    ca etrust internet security suite 2
    ca etrust ez armor 1
    ca etrust ez armor 3
    ca threat manager 8
    ca protection suites 2
    ca protection suites 3.0
    ca secure content manager 8.0
    ca anti-virus gateway 7.1
    ca antivirus sdk *
    ca anti-virus for the enterprise 7.0
    ca anti-virus for the enterprise 7.1
    ca secure content manager 1.1
    ca antispyware for the enterprise 8
    ca antispyware for the enterprise 8.1
    ca anti-spyware 2007
    ca common services 11
    ca common services 11.1
    ca brightstor arcserve client *