Date: 20 January 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2006.0063 -- [Win][Linux]
F-Secure ZIP and RAR-archive Handling Vulnerability
20 January 2006
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:              F-Secure Anti-Virus for Workstation 5.44 and prior
                      F-Secure Anti-Virus for Windows Servers 5.52 and prior
                      F-Secure Anti-Virus for Citrix Servers 5.52
                      F-Secure Anti-Virus for MIMEsweeper 5.61 and prior
                      F-Secure Anti-Virus Client Security 6.01 and prior
                      F-Secure Anti-Virus for MS Exchange 6.40 and prior
                      F-Secure Internet Gatekeeper 6.42 and prior
                      F-Secure Anti-Virus for Firewalls 6.20 and prior
                      F-Secure Internet Security 2004, 2005 and 2006
                      F-Secure Anti-Virus 2004, 2005 and 2006
                      Solutions based on F-Secure Personal Express 6.20
                        and prior
                      F-Secure Anti-Virus for Linux Workstations 4.52
                        and prior
                      F-Secure Anti-Virus for Linux Servers 4.64 and prior
                      F-Secure Anti-Virus for Linux Gateways 4.64 and prior
                      F-Secure Anti-Virus for Samba Servers version 4.62
                      F-Secure Anti-Virus Linux Client Security 5.11
                        and prior
                      F-Secure Anti-Virus Linux Server Security 5.11
                        and prior
                      F-Secure Internet Gatekeeper for Linux 2.14 and prior
Publisher:            CIAC
Operating System:     Windows
                      Linux variants
Impact:               Execute Arbitrary Code/Commands
                      Provide Misleading Information
Access:               Remote/Unauthenticated

Original Bulletin:    http://www.f-secure.com/security/fsc-2006-1.shtml
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
__________________________________________________________
INFORMATION BULLETIN
F-Secure ZIP and RAR-archive Handling Vulnerability
[F-Secure Security Bulletin FSC-2006-1]
January 19, 2006 18:00 GMT Number Q-103
______________________________________________________________________________
PROBLEM:       A security vulnerability was discovered in the way F-Secure
               Anti-Virus products for Microsoft Windows and Linux handle ZIP
               and RAR-archive files.

PLATFORM:      F-Secure Anti-Virus for Workstation version 5.44 and earlier
               F-Secure Anti-Virus for Windows Servers version 5.52
                 and earlier
               F-Secure Anti-Virus for Citrix Servers version 5.52
               F-Secure Anti-Virus for MIMEsweeper version 5.61 and earlier
               F-Secure Anti-Virus Client Security version 6.01 and earlier
               F-Secure Anti-Virus for MS Exchange version 6.40 and earlier
               F-Secure Internet Gatekeeper version 6.42 and earlier
               F-Secure Anti-Virus for Firewalls version 6.20 and earlier
               F-Secure Internet Security 2004, 2005 and 2006
               F-Secure Anti-Virus 2004, 2005 and 2006
               Solutions based on F-Secure Personal Express
                 version 6.20 and earlier
               F-Secure Anti-Virus for Linux Workstations version 4.52 and
                 earlier
               F-Secure Anti-Virus for Linux Servers version 4.64 and earlier
               F-Secure Anti-Virus for Linux Gateways version 4.64 and earlier
               F-Secure Anti-Virus for Samba Servers version 4.62
               F-Secure Anti-Virus Linux Client Security 5.11 and earlier
               F-Secure Anti-Virus Linux Server Security 5.11 and earlier
               F-Secure Internet Gatekeeper for Linux 2.14 and earlier

DAMAGE:        Specially crafted ZIP archives may be used to execute code on
               affected systems. Both RAR- and ZIP-archives can in addition be
               crafted to avoid successful scanning and obfuscate malicious
               code in the archive.

SOLUTION:      See F-Secure's bulletin for a listing of products that are not
               automatically updated. Apply available security updates.
______________________________________________________________________________
VULNERABILITY  The risk is HIGH for gateway installations that scan web (HTTP,
ASSESSMENT:    FTP) and mail (SMTP, POP) traffic. The on-access scanners of
               some products are not vulnerable in their default
               configurations. Standard operating procedures protect or reduce
               the vulnerability of some products. Automated patching protects
               some products.
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/q-103.shtml
ORIGINAL BULLETIN: http://www.f-secure.com/security/fsc-2006-1.shtml
______________________________________________________________________________
- --------------------------END INCLUDED TEXT--------------------
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================