[NEWS] F-Secure Products CAB and RAR Archives Security Bypass

[c.m.g]

13 febbraio 2008


La società di sicurezza Secunia ha riportato un advisory (SA28919), giudicata Less critical, in cui si spiega che Thierry Zoller del n.runs AG. ha trovato una vulnerabilità in vari prodotti F-Secure che può essere usato da un malware per bypassare le funzionalità di scansione.

La vulnerabilità è causata da un errore di manipolazione dei files CAB e RAR da parte dei software citati che può essere usato da malware per bypassare le funzionalità di scanning, specialmente in file .rar o .cab creato ad hoc da malintenzionati.

Nello specifico, questi sono i Software ed i relativi sistemi operativi colpiti da questo bug:
F-Secure Anti-Virus 2006
F-Secure Anti-Virus 2007
F-Secure Anti-Virus 2008
F-Secure Anti-Virus Client Security 6.x
F-Secure Anti-Virus Client Security 7.x
F-Secure Anti-Virus for Citrix Servers 5.x
F-Secure Anti-Virus for Linux 4.x
F-Secure Anti-Virus for Microsoft Exchange 6.x
F-Secure Anti-Virus for Microsoft Exchange 7.x
F-Secure Anti-Virus for MIMEsweeper 5.x
F-Secure Anti-Virus for Windows Servers 5.x
F-Secure Anti-Virus for Windows Servers 7.x
F-Secure Anti-Virus for Workstations 5.x
F-Secure Anti-Virus for Workstations 7.x
F-Secure Anti-Virus Linux Client Security 5.x
F-Secure Anti-Virus Linux Server Security 5.x
F-Secure Internet Gatekeeper 6.x
F-Secure Internet Gatekeeper for Linux 2.x
F-Secure Internet Security 2006
F-Secure Internet Security 2007
F-Secure Internet Security 2008



I prodotti nello specifico sono:
* F-Secure Internet Security 2008
* F-Secure Internet Security 2007 Second Edition
* F-Secure Internet Security 2007
* F-Secure Internet Security 2006
* F-Secure Anti-Virus 2008
* F-Secure Anti-Virus 2007, v.7.02
* F-Secure Anti-Virus 2007
* F-Secure Anti-Virus 2006
* F-Secure Anti-Virus Client Security 7.10
* F-Secure Anti-Virus Client Security 7.01
* F-Secure Anti-Virus Client Security 6.03
* F-Secure Anti-Virus Client Security 6.02
* F-Secure Anti-Virus for Workstations 7.10
* F-Secure Anti-Virus for Workstations 7.00
* F-Secure Anti-Virus for Workstations 5.44
* F-Secure Anti-Virus Linux Client Security 5.53
* F-Secure Anti-Virus Linux Client Security 5.52
* F-Secure Anti-Virus for Linux 4.65
* Solutions based on F-Secure Protection Service for Consumers version 7.00 and earlier
* Solutions based on F-Secure Protection Service for Business version 3.00 and earlier
* F-Secure Anti-Virus for Windows Servers 7.00
* F-Secure Anti-Virus for Windows Servers 5.52
* F-Secure Anti-Virus for Citrix Servers 5.52
* F-Secure Anti-Virus Linux Server Security 5.53
* F-Secure Anti-Virus Linux Server Security 5.52
* F-Secure Anti-Virus for Microsoft Exchange 7.0
* F-Secure Anti-Virus for Microsoft Exchange 6.62
* F-Secure Internet Gatekeeper 6.61, Windows
* F-Secure Internet Gatekeeper for Linux 2.16
* F-Secure Anti-Virus for MIMEsweeper 5.61
* F-Secure Messaging Security Gateway 4.0.7 and earlier

Soluzione:
Applicare le patch di riferimenti per ciascun prodotto, seguire l'advisory originale per maggiori info.


Original Advisory:
http://www.f-secure.com/security/fsc-2008-1.shtml


Fonte: Secunia