lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <13312896828.20050211171540@axelero.hu>
From: papp_geza1 at axelero.hu (Geza Papp dr (Axelero))
Subject: [SA14216] F-Secure Multiple Products ARJ Archive
	Handling Vulnerability

TITLE:
F-Secure Multiple Products ARJ Archive Handling Vulnerability

SECUNIA ADVISORY ID:
SA14216

VERIFY ADVISORY:
http://secunia.com/advisories/14216/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
F-Secure Anti-Virus 2004
http://secunia.com/product/3500/
F-Secure Anti-Virus 2005
http://secunia.com/product/4299/
F-Secure Anti-Virus 5.x
http://secunia.com/product/3334/
F-Secure Anti-Virus Client Security 5.x
http://secunia.com/product/2718/
F-Secure Anti-Virus for Firewalls 6.x
http://secunia.com/product/451/
F-Secure Anti-Virus for Linux 4.x
http://secunia.com/product/3165/
F-Secure Anti-Virus for Microsoft Exchange 6.x
http://secunia.com/product/454/
F-Secure Anti-Virus for MIMEsweeper 5.x
http://secunia.com/product/455/
F-Secure Anti-Virus for Samba Servers 4.x
http://secunia.com/product/3501/
F-Secure Anti-Virus for Workstations 5.x
http://secunia.com/product/457/
F-Secure Internet Gatekeeper 6.x
http://secunia.com/product/3339/
F-Secure Internet Gatekeeper for Linux 2.x
http://secunia.com/product/4635/
F-Secure Internet Security 2004
http://secunia.com/product/3499/
F-Secure Internet Security 2005
http://secunia.com/product/4300/

DESCRIPTION:
ISS X-Force has reported a vulnerability in multiple F-Secure
products, which can be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused due to a boundary error in the antivirus
scanning functionality when processing ARJ archives. This can be
exploited to cause a buffer overflow via a specially crafted ARJ
archive.

Successful exploitation allows execution of arbitrary code, but
requires that the malicious ARJ archive is scanned with archive
scanning enabled.

The following products are affected:
* F-Secure Anti-Virus for Workstation version 5.43 and earlier
* F-Secure Anti-Virus for Windows Servers version 5.50 and earlier
* F-Secure Anti-Virus for Citrix Servers version 5.50
* F-Secure Anti-Virus for MIMEsweeper version 5.51 and earlier
* F-Secure Anti-Virus Client Security version 5.55 and earlier
* F-Secure Anti-Virus for MS Exchange version 6.31 and earlier
* F-Secure Internet Gatekeeper version 6.41 and earlier
* F-Secure Anti-Virus for Firewalls version 6.20 and earlier
* F-Secure Internet Security 2004 and 2005
* F-Secure Anti-Virus 2004 and 2005
* Solutions based on F-Secure Personal Express version 5.10 and
earlier
* F-Secure Anti-Virus for Linux Workstations version 4.52 and
earlier
* F-Secure Anti-Virus for Linux Servers version 4.61 and earlier
* F-Secure Anti-Virus for Linux Gateways version 4.61 and earlier
* F-Secure Anti-Virus for Samba Servers version 4.60
* F-Secure Anti-Virus Linux Client Security 5.01 and earlier
* F-Secure Anti-Virus Linux Server Security 5.01 and earlier
* F-Secure Internet Gatekeeper for Linux 2.06

SOLUTION:
Apply patches (see vendor advisory for details).

PROVIDED AND/OR DISCOVERED BY:
Alex Wheeler, ISS X-Force.

ORIGINAL ADVISORY:
F-Secure:
http://www.f-secure.com/security/fsc-2005-1.shtml

ISS:
http://xforce.iss.net/xforce/alerts/id/188

----------------------------------------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ