> TITLE:
> F-Secure Anti-Virus Archive Handling Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA18529
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/18529/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> Security Bypass, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> F-Secure Personal Express 6.x
> http://secunia.com/product/6885/
> F-Secure Internet Security 2006
> http://secunia.com/product/6883/
> F-Secure Internet Security 2005
> http://secunia.com/product/4300/
> F-Secure Internet Security 2004
> http://secunia.com/product/3499/
> F-Secure Internet Gatekeeper for Linux 2.x
> http://secunia.com/product/4635/
> F-Secure Internet Gatekeeper 6.x
> http://secunia.com/product/3339/
> F-Secure Anti-Virus for Workstations 5.x
> http://secunia.com/product/457/
> F-Secure Anti-Virus for Windows Servers 5.x
> http://secunia.com/product/452/
> F-Secure Anti-Virus for Samba Servers 4.x
> http://secunia.com/product/3501/
> F-Secure Anti-Virus for MIMEsweeper 5.x
> http://secunia.com/product/455/
> F-Secure Anti-Virus for Microsoft Exchange 6.x
> http://secunia.com/product/454/
> F-Secure Anti-Virus for Linux 4.x
> http://secunia.com/product/3165/
> F-Secure Anti-Virus for Firewalls 6.x
> http://secunia.com/product/451/
> F-Secure Anti-Virus for Citrix Servers 5.x
> http://secunia.com/product/5198/
> F-Secure Anti-Virus Client Security 6.x
> http://secunia.com/product/5786/
> F-Secure Anti-Virus Client Security 5.x
> http://secunia.com/product/2718/
> F-Secure Anti-Virus 5.x
> http://secunia.com/product/3334/
> F-Secure Anti-Virus 2006
> http://secunia.com/product/6882/
> F-Secure Anti-Virus 2005
> http://secunia.com/product/4299/
> F-Secure Anti-Virus 2004
> http://secunia.com/product/3500/
>
> DESCRIPTION:
> Some vulnerabilities have been reported in various F-Secure products,
> which can be exploited by malware to bypass detection or by malicious
> people to compromise a vulnerable system.
>
> 1) A boundary error in the handling of ZIP archives can be exploited
> via a specially crafted ZIP archive to cause a buffer overflow and
> execute arbitrary code.
>
> 2) An error in the scanning functionality when processing RAR and ZIP
> archives can be exploited to prevent malware from being detected.
>
> The vulnerabilities affect the following products:
> * F-Secure Anti-Virus for Workstation version 5.44 and earlier
> * F-Secure Anti-Virus for Windows Servers version 5.52 and earlier
> * F-Secure Anti-Virus for Citrix Servers version 5.52
> * F-Secure Anti-Virus for MIMEsweeper version 5.61 and earlier
> * F-Secure Anti-Virus Client Security version 6.01 and earlier
> * F-Secure Anti-Virus for MS Exchange version 6.40 and earlier
> * F-Secure Internet Gatekeeper version 6.42 and earlier
> * F-Secure Anti-Virus for Firewalls version 6.20 and earlier
> * F-Secure Internet Security 2004, 2005 and 2006
> * F-Secure Anti-Virus 2004, 2005 and 2006
> * Solutions based on F-Secure Personal Express version 6.20 and
> earlier
> * F-Secure Anti-Virus for Linux Workstations version 4.52 and
> earlier
> * F-Secure Anti-Virus for Linux Servers version 4.64 and earlier
> * F-Secure Anti-Virus for Linux Gateways version 4.64 and earlier
> * F-Secure Anti-Virus for Samba Servers version 4.62
> * F-Secure Anti-Virus Linux Client Security 5.11 and earlier
> * F-Secure Anti-Virus Linux Server Security 5.11 and earlier
> * F-Secure Internet Gatekeeper for Linux 2.14 and earlier
>
> SOLUTION:
> Apply patches (see patch matrix in vendor advisory).
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Thierry Zoller.
>
> ORIGINAL ADVISORY:
> http://www.f-secure.com/security/fsc-2006-1.shtml