Sophos

A reflected XSS vulnerability

CVE-2021-36806 6.1 - Medium - November 30, 2023

A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4.

XSS

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature

CVE-2023-5552 7.5 - High - October 18, 2023

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to Specified by sender.

Insufficiently Protected Credentials

Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter

CVE-2023-33335 6.1 - Medium - July 05, 2023

Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed.

XSS

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1

CVE-2023-33336 4.8 - Medium - June 30, 2023

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.

XSS

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4

CVE-2023-1671 9.8 - Critical - April 04, 2023

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

Command Injection

A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form

CVE-2020-36692 5.4 - Medium - April 04, 2023

A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.

XSS

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4

CVE-2022-4934 7.2 - High - April 04, 2023

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.

Command Injection

An information disclosure vulnerability

CVE-2022-48310 5.5 - Medium - March 01, 2023

An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.

Cleartext Storage of Sensitive Information

A CSRF vulnerability

CVE-2022-48309 4.3 - Medium - March 01, 2023

A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.

Session Riding

Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration

CVE-2022-4901 6.1 - Medium - March 01, 2023

Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.

XSS

An XML External Entity (XEE) vulnerability

CVE-2022-3980 9.8 - Critical - November 16, 2022

An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.

XXE

A code injection vulnerability in the User Portal and Webadmin

CVE-2022-3236 9.8 - Critical - September 23, 2022

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.

Code Injection

Multiple SQLi vulnerabilities in Webadmin

CVE-2022-1807 7.2 - High - September 07, 2022

Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1.

SQL Injection

An insecure data storage vulnerability

CVE-2021-25266 3.9 - Low - April 27, 2022

An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.

Insecure Storage of Sensitive Information

An information disclosure vulnerability in Webadmin

CVE-2022-0331 5.3 - Medium - March 29, 2022

An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.

An authentication bypass vulnerability in the User Portal and Webadmin

CVE-2022-1040 9.8 - Critical - March 25, 2022

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.

Confd log files contain local users', including rootâs, SHA512crypt password hashes with insecure access permissions

CVE-2022-0652 7.8 - High - March 22, 2022

Confd log files contain local users', including rootâs, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.

Insertion of Sensitive Information into Log File

A post-auth SQL injection vulnerability in the Mail Manager potentially

CVE-2022-0386 8.8 - High - March 22, 2022

A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.

SQL Injection

A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges

CVE-2021-36809 6 - Medium - March 08, 2022

A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client.

A local administrator could prevent the HMPA service

CVE-2021-25269 4.4 - Medium - November 26, 2021

A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3.

Unquoted Search Path or Element

An authenticated user could potentially execute code

CVE-2021-36807 8.8 - High - November 26, 2021

An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.

SQL Injection

A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.

CVE-2021-36808 7 - High - October 30, 2021

A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.

Race Condition

A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.

CVE-2021-25271 6 - Medium - October 08, 2021

A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.

A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.

CVE-2021-25270 6.7 - Medium - October 08, 2021

A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.

Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.

CVE-2021-25273 4.8 - Medium - July 29, 2021

Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.

XSS

In multiple versions of Sophos Endpoint products for MacOS

CVE-2021-25264 6.7 - Medium - May 17, 2021

In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges.

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04

CVE-2020-29574 9.8 - Critical - December 11, 2020

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.

SQL Injection

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5

CVE-2020-25223 9.8 - Critical - September 25, 2020

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11

Shell injection

The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation.

CVE-2020-14980 5.9 - Medium - June 22, 2020

The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation.

Improper Certificate Validation

Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6

CVE-2020-10947 8.8 - High - April 17, 2020

Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.

Improper Privilege Management

Sophos HitmanPro.Alert before build 861

CVE-2020-9540 7.8 - High - March 02, 2020

Sophos HitmanPro.Alert before build 861 allows local elevation of privilege.

Improper Privilege Management

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive

CVE-2020-9363 7.8 - High - February 24, 2020

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction.

Interpretation Conflict

An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744

CVE-2018-3971 7.8 - High - October 25, 2018

An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP request to trigger this vulnerability.

Write-what-where Condition

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744

CVE-2018-3970 5.5 - Medium - October 25, 2018

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.

Use of Uninitialized Resource

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation

CVE-2018-6851 7.8 - High - July 09, 2018

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. By crafting an input buffer we can control the execution path to the point where the constant DWORD 0 will be written to a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.

Buffer Overflow

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation

CVE-2018-6852 7.8 - High - July 09, 2018

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset function is called to zero out contents of a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.

Buffer Overflow

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation

CVE-2018-6853 7.8 - High - July 09, 2018

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.

Buffer Overflow

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation

CVE-2018-6854 7.8 - High - July 09, 2018

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B, 0x8810200F, 0x8810201B, 0x8810201F, 0x8810202B, 0x8810202F, 0x8810203F, 0x8810204B, 0x88102003, 0x88102007, 0x88102013, 0x88102017, 0x88102027, 0x88102033, 0x88102037, 0x88102043, and 0x88102047. When some conditions in the user-controlled input buffer are not met, the driver writes an error code (0x2000001A) to a user-controlled address. Also, note that all the aforementioned IOCTLs use transfer type METHOD_NEITHER, which means that the I/O manager does not validate any of the supplied pointers and buffer sizes. So, even though the driver checks for input/output buffer sizes, it doesn't validate if the pointers to those buffers are actually valid. So, we can supply a pointer for the output buffer to a kernel address space address, and the error code will be written there. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context.

Buffer Overflow

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation

CVE-2018-6857 7.8 - High - July 09, 2018

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. By crafting an input buffer we can control the execution path to the point where the constant 0x12 will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context.

Buffer Overflow

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation

CVE-2018-6856 7.8 - High - July 09, 2018

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.

Buffer Overflow

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation

CVE-2018-6855 7.8 - High - July 09, 2018

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014. By crafting an input buffer we can control the execution path to the point where the constant 0xFFFFFFF will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context.

Buffer Overflow

An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058

CVE-2016-9038 7.8 - High - April 24, 2018

An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special application locally to trigger this vulnerability.

Race Condition

Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303

CVE-2016-8732 7.8 - High - April 24, 2018

Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product.

Permission Issues

Sophos Endpoint Protection 10.7

CVE-2018-4863 5.5 - Medium - April 05, 2018

Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.

7PK - Security Features

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings

CVE-2018-9233 7.8 - High - April 05, 2018

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.

Use of Password Hash With Insufficient Computational Effort

In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload

CVE-2018-6318 7.8 - High - February 02, 2018

In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack.

Untrusted Path

In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument

CVE-2018-6319 5.5 - Medium - February 02, 2018

In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine.

NULL Pointer Dereference

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response

CVE-2015-7547 8.1 - High - February 18, 2016

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Buffer Overflow

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which

CVE-2016-0778 8.1 - High - January 14, 2016

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Buffer Overflow

Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0

CVE-2004-0937 - February 09, 2005

Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004

CVE-2004-0932 - January 27, 2005

McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3

CVE-2004-0933 - January 27, 2005

Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Kaspersky 3.x to 4.x

CVE-2004-0934 - January 27, 2005

Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Eset Anti-Virus before 1.020 (16th September 2004)

CVE-2004-0935 - January 27, 2005

Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

RAV antivirus allows remote attackers to bypass antivirus protection

CVE-2004-0936 - January 27, 2005

RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new

CVE-2004-1096 - January 10, 2005

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets

CVE-2004-2252 - December 31, 2004

The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.

Side Channel Attack