Patch/Configuration Management, Vulnerability Management

Vulnerability found in Sophos anti-malware product

Cisco Talos researchers identified a memory disclosure flaw and a code execution vulnerability in the malware detection and protection tool Sophos HitmanPro.Alert.

Both vulnerabilities are in the input/output control (IOCTL) message handler with one of the bugs allowing an attacker to read kernel memory contents, while the other glitch allows code execution and privilege escalation, according to an Oct. 25 security advisory.  

Sophos has patched the vulnerability.

One of the flaws is an exploitable memory disclosure that can be exploited by a specially crafted IOCTL request sent by any user on the system to the hmpalert device and results in the contents from the privileged kernel memory returning to the user.

The second flaw also exists in the IOCTL-handler function of the product and similar to the other vulnerability a specially crafted IOCTL request to the hmpalert device will allow the attacker to write to memory, resulting in remote code execution and privilege escalation.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.