=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2008/VULN057
_____________________________________________________________________

DATE                      : 20/02/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Sophos Email Appliance.

======================================================================

Advisory: Cross-site scripting vulnerability reported in Sophos Email Appliance

This article discusses a Cross-site scripting vulnerability in Sophos
Email Appliance version 2.1.0.0.

The vulnerability is exploited by passing malicious CGI parameters to
the appliance's Login page. The login attempt fails, but the submitted
parameters are echoed back into the error page without being
HTML-encoded, so attacker-supplied script embedded in them is executed
by the victim's browser in the context of the appliance's web interface
(a reflected cross-site scripting flaw).

It should be noted that there are no known exploits of this
vulnerability in the wild and that it can only be exploited following
user interaction, typically an administrator following a crafted link
to the appliance's login page.

What is a Cross-site scripting vulnerability?

Web browsers enforce a same-origin policy, whereby script served from
one origin cannot read or modify pages, cookies or session data
belonging to another origin. A cross-site scripting (XSS) flaw exists
when a site reflects or stores untrusted input into one of its own
pages without encoding it. Script injected this way runs with the
privileges of the vulnerable site's origin, not the attacker's, so the
same-origin policy no longer protects the user: the attacker's script
can read the session cookie, submit requests as the logged-in user, or
rewrite the page (for example to capture credentials typed into the
login form).
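The following is an added example, not code from the advisory or from
Sophos, illustrating the reflection pattern described above and the
fix that closes it. It recreates a login handler that echoes a request
parameter into the "login failed" page, first verbatim (the defect) and
then HTML-encoded. The parameter name "user", the page layout and the
crafted query string are all assumptions constructed for the example;
the advisory does not name the affected parameters.

```python
import html
from urllib.parse import parse_qs

# Constructed sample input: the query string of a crafted link an attacker
# would send to an appliance administrator. The parameter name "user" is an
# assumption; the advisory does not identify the vulnerable parameters.
CRAFTED_QUERY = "user=%3Cscript%3Ealert(document.cookie)%3C/script%3E&password=x"


def _username_from_query(query_string: str) -> str:
    """Decode the CGI query string and pull out the submitted user name."""
    params = parse_qs(query_string, keep_blank_values=True)
    return params.get("user", [""])[0]


def render_login_vulnerable(query_string: str) -> str:
    """Defect pattern: the rejected user name is interpolated into the HTML
    response as-is, so any markup or <script> in it becomes live content
    executed by the browser under the appliance's origin."""
    user = _username_from_query(query_string)
    return (
        "<html><body><h1>Login failed</h1>"
        f"<p>Unknown user: {user}</p>"
        '<form method="post" action="/login">'
        f'<input name="user" value="{user}">'
        "</form></body></html>"
    )


def render_login_fixed(query_string: str) -> str:
    """Fix: HTML-encode the untrusted value at the point it is written into
    the page. quote=True also encodes quotes, which is required for the
    attribute context (value="...") as well as the text context. Note that
    this encoding is correct only for HTML text and attribute values; input
    written into a <script> block or a URL needs its own encoding rules."""
    safe_user = html.escape(_username_from_query(query_string), quote=True)
    return (
        "<html><body><h1>Login failed</h1>"
        f"<p>Unknown user: {safe_user}</p>"
        '<form method="post" action="/login">'
        f'<input name="user" value="{safe_user}">'
        "</form></body></html>"
    )


def contains_live_script(page: str) -> bool:
    """Crude detection check a tester might run over the server's response:
    an unescaped '<script' in the body means the injected tag survived.
    The encoded form '&lt;script' does not match and is inert."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("vulnerable page executes injected script:",
          contains_live_script(render_login_vulnerable(CRAFTED_QUERY)))
    print("fixed page executes injected script:",
          contains_live_script(render_login_fixed(CRAFTED_QUERY)))
```

Running the module shows the crafted parameter surviving as a live
script tag in the vulnerable rendering and appearing only as inert
text in the fixed one. The same check is a reasonable first pass when
verifying an appliance after an update: submit a harmless marker such
as an unusual tag in each login parameter and confirm it comes back
encoded.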

What to do

This vulnerability has been fixed in Sophos Email Appliance version
2.1.1.0 and above.

Customers using Sophos Email Appliance solutions will have received
these updates automatically between 14-21 February 2008.

Ensure that you have the latest version installed.

Sophos would like to thank Bojan Zdrnja of Infigo IS for bringing this
issue to our attention.

If you need more information or guidance, then please contact technical
support.


======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================




