Description
Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1009042
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/10855
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15192
Patch x_refsource_confirm
http://www.sophos.com/support/news/#mime-378
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9650
Scores
EPSS
0.0238
EPSS Percentile
85.2%
Details
Status
published
Products (2)
sophos/sophos_anti-virus
3.4.6
sophos/sophos_anti-virus
3.78
Published
Feb 12, 2004
Tracked Since
Feb 18, 2026