F-Secure
Tools
Security Advisory FSC-2007-4
Denial of service vulnerability in F-Secure Policy Manager Server host module
| Date issued | 2007-05-29 |
|---|---|
| Last updated | 2007-05-29 |
| Risk factor | Low (Low/Medium/High/Critical) |
| Brief description | F-Secure Policy Manager Server has denial of service vulnerability in fsmsh.dll host module. This may allow an attacker to execute denial of service code in F-Secure Policy Manager Server. |
| Software | F-Secure Policy Manager Server |
| Affected versions | F-Secure Policy Manager Server version 7.00 and earlier |
| Affected platforms | All supported Windows versions |
| Advisory location | http://www.f-secure.com/security/fsc-2007-4.shtml |
| Issue | An attacker may remotely cause denial of service in F-Secure Policy Manager Server by using NTFS reserved words as URL filenames. |
| Products | F-Secure Policy Manager Server 7.00 F-Secure Policy Manager Server 6.xx F-Secure Policy Manager Server 5.xx |
| Risk factor | Low |
| These products contain the vulnerability, but since product is always installed to internal company local area network and is not available through public Internet, the problem risk factor is low. |
Available patches:
| Product | Versions | Hotfix ID | Download |
|---|---|---|---|
| F-Secure Policy Manager Server | 5.xx - 7.00 | Upgrade to F-Secure Policy Manager Server 7.01 | http://www.f-secure.com/webclub/fspm.html |
| F-Secure Policy Manager Server | 5.70 - 7.00 | fspms-700-60x-570-hotfix2.zip | ftp://ftp.f-secure.com/support/hotfix/fspm/fspms-700-60x-570-hotfix2.zip |
| Credits | F-Secure want to thank David Maciejak for reporting this issue. |
|---|---|
| Revision history | FSC-2007-4 / 2007-05-29 |
Contact information:
Support: http://www.f-secure.com/en_EMEA/support/