Sophos was recently notified of a vulnerability in the Sophos Anti-Virus for Linux web user interface, which is used by some customers to configure Sophos Anti-Virus.
This vulnerability could in theory have allowed an attacker who already had access to a Linux system to get elevated privileges, although in practice it is quite unlikely that they would have been able to do so. To exploit the vulnerability, the attacker would need user access to a Linux system with Sophos Anti-Virus and the web UI enabled, and would also need to know the user name and password for the web UI.
The vulnerability has been fixed in version 9.6.1 of Sophos Anti-Virus for Linux, which was released in May. If products are configured in Sophos Enterprise Console to use the “recommended” subscription, they will by now have received this new version automatically.
At Sophos, we continually invest in making our products as secure as possible. When security issues like this are identified, we prioritize fixing them as quickly and completely as possible. We would like to thank the researcher, Pablo Catalina from Portcullis Computer Security Ltd, for identifying this vulnerability and for disclosing it responsibly.