-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2009.0455 -- [Win][Linux] F-Secure: Reduced Security
11 May 2009
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           F-Secure Anti-Virus for Microsoft Exchange 7.10 and earlier
                   F-Secure Internet Gatekeeper for Windows 6.61 and earlier
                   F-Secure Internet Gatekeeper for Linux 2.16 and earlier
                   F-Secure Internet Gatekeeper for Linux Japanese 3.01 and earlier
                   Solutions based on F-Secure Protection Service for Business -
                     E-mail and Server security version 8.00 and earlier
                   F-Secure Internet Security 2009 and earlier
                   F-Secure Anti-Virus 2009 and earlier
                   F-Secure Client Security 8.0 and earlier
                   F-Secure Anti-Virus for Workstations 8.0 and earlier
                   F-Secure Linux Security 7.01 and earlier
                   F-Secure Anti-Virus Linux Client Security 5.54 and earlier
                   Solutions based on F-Secure Protection Service for Consumers
                     version 8.00 and earlier
                   Solutions based on F-Secure Protection Service for Business -
                     Workstation security version 8.00 and earlier
                   F-Secure Home Server Security 2009
                   F-Secure Anti-Virus for Windows Servers 8.00 and earlier
                   F-Secure Anti-Virus for Citrix Servers 7.00 and earlier
                   F-Secure Linux Security 7.02 and earlier
                   F-Secure Anti-Virus Linux Server Security 5.54 and earlier
                   F-Secure Anti-Virus for Linux Servers 4.65
                   F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier
Publisher:         F-Secure
Operating System:  Linux variants
                   Windows
Impact:            Reduced Security
Access:            Remote/Unauthenticated

Original Bulletin:
  http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Advisory FSC-2009-1

ZIP and RAR archive evasion vulnerability

Date issued:   2009-05-06
Last updated:  2009-05-06
Risk level:    High (Low/Medium/High/Critical)

Brief description

Malware inside specially crafted archive files remains undetected.

Mitigating factors

* The vulnerability only affects the antivirus software's ability to scan
  inside compressed archives. In general, compressed archives are scanned in
  gateway environments. In a typical configuration, on-access scanning does
  not scan inside compressed archives. Therefore, the vulnerability is
  insignificant in client environments.
* Attackers can exploit the vulnerability by sending malware inside
  specially-made compressed file archives to users. At the time of publishing
  the Security Advisory, there are no known exploits.

Affected platforms

All supported platforms

Gateways:

Products:
  F-Secure Anti-Virus for Microsoft Exchange 7.10 and earlier
  F-Secure Internet Gatekeeper for Windows 6.61 and earlier
  F-Secure Internet Gatekeeper for Linux 2.16 and earlier
  F-Secure Internet Gatekeeper for Linux Japanese 3.01 and earlier
  Solutions based on F-Secure Protection Service for Business - E-mail and
    Server security version 8.00 and earlier

Risk level: High

Notes: The vulnerability may cause malware to remain undetected and pass
through gateway scanners. The vulnerability does not compromise the integrity
of the system used to run the product. Note that the Beta and Release
Candidate versions of F-Secure Anti-Virus for Microsoft Exchange 8.0 are
vulnerable. Users testing these versions are instructed to upgrade to the RTM
version which is not vulnerable.

Clients and servers:

Products:
  F-Secure Internet Security 2009 and earlier
  F-Secure Anti-Virus 2009 and earlier
  F-Secure Client Security 8.0 and earlier
  F-Secure Anti-Virus for Workstations 8.0 and earlier
  F-Secure Linux Security 7.01 and earlier
  F-Secure Anti-Virus Linux Client Security 5.54 and earlier
  Solutions based on F-Secure Protection Service for Consumers version 8.00
    and earlier
  Solutions based on F-Secure Protection Service for Business - Workstation
    security version 8.00 and earlier
  F-Secure Home Server Security 2009
  F-Secure Anti-Virus for Windows Servers 8.00 and earlier
  F-Secure Anti-Virus for Citrix Servers 7.00 and earlier
  F-Secure Linux Security 7.02 and earlier
  F-Secure Anti-Virus Linux Server Security 5.54 and earlier
  F-Secure Anti-Virus for Linux Servers 4.65
  F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier

Risk level: Low

Notes: The vulnerability affects these products' ability to scan inside
archived files, but may in the worst case delay detection of malware, or
enable the user to forward infected files to other systems. The severity is
low as these products' primary purpose is to protect the system they run on
rather than stopping malware in transit. These products will not be patched
as a direct result of this advisory, but they receive fixes as part of normal
version upgrades.

Advisory location:
  http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html

Available patches:

F-Secure delivers patches to its supported product versions that are
vulnerable. See further information on supported products and F-Secure's
Product Lifecycle Policy.

Product:   Solutions based on F-Secure Protection Service for Business -
           E-mail and Server security
Versions:  All supported versions
Download:  Packages will be available in the updated channel, and they are
           installed automatically.

Product:   F-Secure Anti-Virus for Microsoft Exchange
Versions:  7.10
Download:  ftp://ftp.f-secure.com/support/hotfix/fsavmse/fsavmse710-05.zip
           Upgrade to version 8:
           http://www.f-secure.com/en_EMEA/downloads/product-updates/anti-virus-for-microsoft-exchange/

Product:   F-Secure Anti-Virus for Microsoft Exchange
Versions:  7.00
Download:  ftp://ftp.f-secure.com/support/hotfix/fsavmse/fsavmse700-04.zip
           Upgrade to version 8:
           http://www.f-secure.com/en_EMEA/downloads/product-updates/anti-virus-for-microsoft-exchange/

Product:   F-Secure Anti-Virus for Microsoft Exchange
Versions:  6.62
Download:  ftp://ftp.f-secure.com/support/hotfix/fsavmse/fsavmse662-08.zip
           Upgrade to version 8:
           http://www.f-secure.com/en_EMEA/downloads/product-updates/anti-virus-for-microsoft-exchange/

Product:   F-Secure Internet Gatekeeper for Windows
Versions:  6.61
Download:  ftp://ftp.f-secure.com/support/hotfix/fsig sigk661-04.zip

Product:   F-Secure Internet Gatekeeper for Linux
Versions:  2.16 and earlier
Download:  Upgrade to version 3.02:
           http://www.f-secure.com/en_EMEA/downloads/product-updates/internet-gatekeeper-for-linux/

Product:   F-Secure Internet Gatekeeper for Linux Japanese
Versions:  3.01 and earlier
Download:  http://www.f-secure.co.jp/support/menu.html
           Note: This hotfix is intended only for the Japanese version of the
           product.

Credits

F-Secure want to thank Roger Mickael (mickael@mickael-roger.com) for bringing
this issue to our attention.

Revision history

FSC-2009-05-06

Contact information:

Support: http://www.f-secure.com/en_EMEA/support/

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFKB7wyNVH5XJJInbgRAiZ2AJ9oCP1QgppD6pAsjeV8lkAU663kOQCdEfPv
zgBpgm/7XnyDYDY0Y4sbS4k=
=I/eN
-----END PGP SIGNATURE-----