TITLE:
F-Secure Multiple Products ARJ Archive Handling Vulnerability
SECUNIA ADVISORY ID:
SA14216
VERIFY ADVISORY:
http://secunia.com/advisories/14216/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
F-Secure Anti-Virus 2004
http://secunia.com/product/3500/
F-Secure Anti-Virus 2005
http://secunia.com/product/4299/
F-Secure Anti-Virus 5.x
http://secunia.com/product/3334/
F-Secure Anti-Virus Client Security 5.x
http://secunia.com/product/2718/
F-Secure Anti-Virus for Firewalls 6.x
http://secunia.com/product/451/
F-Secure Anti-Virus for Linux 4.x
http://secunia.com/product/3165/
F-Secure Anti-Virus for Microsoft Exchange 6.x
http://secunia.com/product/454/
F-Secure Anti-Virus for MIMEsweeper 5.x
http://secunia.com/product/455/
F-Secure Anti-Virus for Samba Servers 4.x
http://secunia.com/product/3501/
F-Secure Anti-Virus for Workstations 5.x
http://secunia.com/product/457/
F-Secure Internet Gatekeeper 6.x
http://secunia.com/product/3339/
F-Secure Internet Gatekeeper for Linux 2.x
http://secunia.com/product/4635/
F-Secure Internet Security 2004
http://secunia.com/product/3499/
F-Secure Internet Security 2005
http://secunia.com/product/4300/
DESCRIPTION:
ISS X-Force has reported a vulnerability in multiple F-Secure
products, which can be exploited by malicious people to compromise a
vulnerable system.
The vulnerability is caused due to a boundary error in the antivirus
scanning functionality when processing ARJ archives. This can be
exploited to cause a buffer overflow via a specially crafted ARJ
archive.
Successful exploitation allows execution of arbitrary code, but
requires that the malicious ARJ archive is scanned with archive
scanning enabled.
The following products are affected:
* F-Secure Anti-Virus for Workstation version 5.43 and earlier
* F-Secure Anti-Virus for Windows Servers version 5.50 and earlier
* F-Secure Anti-Virus for Citrix Servers version 5.50
* F-Secure Anti-Virus for MIMEsweeper version 5.51 and earlier
* F-Secure Anti-Virus Client Security version 5.55 and earlier
* F-Secure Anti-Virus for MS Exchange version 6.31 and earlier
* F-Secure Internet Gatekeeper version 6.41 and earlier
* F-Secure Anti-Virus for Firewalls version 6.20 and earlier
* F-Secure Internet Security 2004 and 2005
* F-Secure Anti-Virus 2004 and 2005
* Solutions based on F-Secure Personal Express version 5.10 and
earlier
* F-Secure Anti-Virus for Linux Workstations version 4.52 and
earlier
* F-Secure Anti-Virus for Linux Servers version 4.61 and earlier
* F-Secure Anti-Virus for Linux Gateways version 4.61 and earlier
* F-Secure Anti-Virus for Samba Servers version 4.60
* F-Secure Anti-Virus Linux Client Security 5.01 and earlier
* F-Secure Anti-Virus Linux Server Security 5.01 and earlier
* F-Secure Internet Gatekeeper for Linux 2.06
SOLUTION:
Apply patches (see vendor advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Alex Wheeler, ISS X-Force.
ORIGINAL ADVISORY:
F-Secure:
http://www.f-secure.com/security/fsc-2005-1.shtml
ISS:
http://xforce.iss.net/xforce/alerts/id/188
----------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
