Security Advisories

FSC-2006-3: BUFFER OVERFLOW IN WEB CONSOLE OF F-SECURE ANTI-VIRUS

Description

There is buffer overflow vulnerability in the web console before authentication takes place. The overflow may crash the web console process. By default the connections are only allowed from the local host. It may be possible to execute arbitrary code with this vulnerability. There are no known exploits for this currently. To solve the problem apply the appropriate hotfix.

Possible Scenarios

  • Scenario 1
    Default configuration. Web Console is configured by default to accept connections only from the local host.
    Risk Factor: Medium
    There is a possibility to exploit the buffer overflow vulnerability from the local host. To solve the problem apply the appropriate hotfix.
  • Scenario 2
    Web Console is configured to allow connections from specific/trusted hosts.
    Risk Factor: Medium
    There is a possibility to exploit the buffer overflow vulnerability from the local host. To solve the problem apply the appropriate hotfix.
  • Scenario 3
    Web Console is configured to allow connections from all hosts.
    Risk Factor: Critical
    There is a possibility to exploit the buffer overflow vulnerability from the local host. To solve the problem apply the appropriate hotfix.

 

Affected Products


Risk Level: HIGH (Low/Medium/High/Critical)
  • F-Secure Anti-Virus for Microsoft Exchange 6.40
  • F-Secure Internet Gatekeeper 6.50, 6.42, 6.41, 6.40 versions

Note: Earlier versions of F-Secure Service Platform for Service Providers are known as F-Secure Personal Express

 

Platforms

All platforms supported by the affected products

 

Mitigating Factors

Web Console for F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper are configured by default to accept local host connections only meaning that it is possible to access the Web Console only from the local machine. There is no known exploit for this buffer overflow.

 

Patch Available

Product Versions        Download
AF-Secure Anti-Virus for Microsoft Exchange 6.40 Apply hotfix for F-Secure Anti-Virus for Microsoft Exchange 6.40: ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse640-05.zip
F-Secure Internet Gatekeeper 6.50 Upgrade to F-Secure Internet Gatekeeper 6.60 or apply hotfix for the F-Secure Internet Gatekeeper 6.50: ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk650-01.zip
F-Secure Internet Gatekeeper 6.42, 6.41, 6.40 Upgrade to F-Secure Internet Gatekeeper 6.60

 

Credits

F-Secure Corporation would like to thank Mikko Korppi for bringing this issue to our attention.

 

Date Issued: 2006-06-01
Last Updated: 2006-06-01

Get
Support

For documentation and product support,
visit our support site.

Learn More

F-Secure Community

Give advice. Get advice. Share the knowledge
on our free discussion forum.

Visit Now