[ news_security_news ]
Vulnerabilities In F-Secure
John Stith
Staff Writer
2006-01-19
 Insider Reports RSS Feed
Finnish security software firm, F-Secure announced they had a few problems in their product and put out a bulletin to cover them. The vulnerability affects a number of their anti-virus products for both Windows and Linux.
The bulletin says:
It is possible to create specially crafted ZIP archives that cause a buffer overflow. This allows an attacker to execute code of his choice on affected systems. It is in addition possible to create malformed RAR- and ZIP-archives that cannot be scanned properly. This can lead to a false negative scan result.
One of the reasons this is significant is because it affects a variety of their products over the last couple of years. They rate the risk as critical. The fixes vary somewhat though, depending on which software package. One thing to point out is some products will be dealt with automatically because of their Hotfix updates. The bulletin page is links to all the other fixes needed.
Mitigating Factors:
The vulnerability requires that the exploit is scanned with archive scanning enabled. This is typically the case in gateway environments and scheduled scans on servers. On-access scanning does not scan inside archives in a typical configuration. This makes successful exploration of the vulnerability less likely in client environments.
Clearswift MIMEsweeper handles archive extraction and this reduces the risk in environments that use F-Secure Anti-Virus for MIMEsweeper.
They pointed out on their blog the best way to handle this is to make sure everything is updated. Yes.
Add to | DiggThis | Yahoo My Web
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
