F-Secure Vulnerability (Version 5.x)

25.05.2004, 16:42
Member

Posts: 1095
#1 A vulnerability was found in F-Secure Antivirus (Version 5.x)

Quote

F-Secure Anti-Virus Archived Virus Detection Bypass Vulnerability

VERIFY ADVISORY:
http://secunia.com/advisories/11699/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
F-Secure Anti-Virus for Workstations 5.x
F-Secure Anti-Virus 5.x
F-Secure Anti-Virus Client Security 5.x
F-Secure Anti-Virus for File Servers 5.x

DESCRIPTION:
A vulnerability has been discovered in F-Secure Anti-Virus,
potentially allowing certain malware to bypass the virus detection.

The vulnerability is caused due to an unspecified error, which
reportedly causes a problem with properly detecting the Sober.D and
Sober.G viruses in PKZip archives.

The vulnerability has been reported in the following versions:
* F-Secure Anti Virus 5.41/5.42 for Workstations
* F-Secure Anti-Virus 5.41/5.42 for File Servers
* F-Secure Anti Virus Client Security 5.50 and 5.52

SOLUTION:
F-Secure Anti-Virus Client Security 5.52 Service Release 1 (SR-1) is
not affected.

Fixes:
FSAV 5.42/5.41 Hotfix 3:
ftp://ftp.f-secure.com/support/hotfix/fsav/fsavwk552-05-signed.fsfix

FSAV 5.41/5.42 for Servers Hotfix 13:
ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr541-13-signed.fsfix

FSAVCS Hotfix 10 (Anti-Virus Hotfix 5):
ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk552-05-signed.fsfix

from
http://secunia.com/about_secunia_advisories/
or
the Secunia newsletter

Regards, paff
__________
http://www.downclockers.com/ourforum/index.php?board=71.0 Reverse Engineering Malware
This post was edited by paff on 25.05.2004 at 16:48.
27.05.2004, 09:15
Member

Thread starter

Posts: 1095
#2 And another one to follow

F-Secure Anti-Virus Products LHA Archive Processing Buffer Overflow

Quote

SECUNIA ADVISORY ID:
SA11712

VERIFY ADVISORY:
http://secunia.com/advisories/11712/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
F-Secure Anti-Virus 2004
F-Secure Anti-Virus 5.x
F-Secure Anti-Virus Client Security 5.x
F-Secure Anti-Virus for File Servers 5.x
F-Secure Anti-Virus for Firewalls 6.x
F-Secure Anti-Virus for Linux 4.x
F-Secure Anti-Virus for Microsoft Exchange 6.x
F-Secure Anti-Virus for MIMEsweeper 5.x
F-Secure Anti-Virus for Samba Servers 4.x
F-Secure Anti-Virus for Workstations 5.x
F-Secure Internet Gatekeeper 6.x
F-Secure Internet Security 2004

DESCRIPTION:
A vulnerability has been discovered in various F-Secure Anti-Virus
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).

The vulnerability is caused due to a boundary error within a module
responsible for accessing content in LHA archives while scanning for
viruses. This can be exploited to cause a buffer overflow by passing
a specially crafted LHA archive to a system running a vulnerable
product.

According to the vendor, successful exploitation causes the affected
module to restart. The impact varies depending on the used product
and ranges from performance degradation to system crashes and
potential failure in detecting viruses.

The vulnerability affects the following products:
* F-Secure Anti-Virus for Workstation 5.42 and earlier
* F-Secure Anti-Virus for Windows Servers 5.42 and earlier
* F-Secure Anti-Virus for MIMEsweeper 5.42 and earlier
* F-Secure Anti-Virus Client Security 5.52 and earlier
* F-Secure Anti-Virus for MS Exchange 6.21 and earlier
* F-Secure Internet Gatekeeper 6.32 and earlier
* F-Secure for Firewalls 6.20 and earlier
* F-Secure Internet Security 2004 and earlier
* F-Secure Anti-Virus 2004 and earlier
* Solutions based on F-Secure Personal Express 4.5x, 4.6x and 4.7x
* F-Secure Anti-Virus for Linux Workstations 4.52 and earlier
* F-Secure Anti-Virus for Linux Servers 4.52 and earlier
* F-Secure Anti-Virus for Linux Gateways 4.52 and earlier
* F-Secure Anti-Virus for Samba Servers 4.60

SOLUTION:
See patch matrix in original advisory.

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://www.f-secure.com/security/fsc-2004-1.shtml

Regards, paff
__________
http://www.downclockers.com/ourforum/index.php?board=71.0 Reverse Engineering Malware