FSC-2006-3: Buffer overflow in Web Console of F-Secure Anti-Virus
Brief Description
There is buffer overflow vulnerability in the web console before authentication takes place. The overflow may crash the web console process. By default the connections are only allowed from the local host. It may be possible to execute arbitrary code with this vulnerability. There are no known exploits for this currently. To solve the problem apply the appropriate hotfix.
Possible Scenarios
Scenario 1
Default configuration. Web Console is configured by default to accept connections only from the local host.
Risk Factor Medium
There is a possibility to exploit the buffer overflow vulnerability from the local host. To solve the problem apply the appropriate hotfix.
Scenario 2
Web Console is configured to allow connections from specific/trusted hosts.
Risk Factor Medium
There is a possibility to exploit the buffer overflow vulnerability from the local host. To solve the problem apply the appropriate hotfix.
Scenario 3
Web Console is configured to allow connections from all hosts.
Risk Factor Critical
There is a possibility to exploit the buffer overflow vulnerability from the local host. To solve the problem apply the appropriate hotfix.
Affected Platforms
All platforms supported by the affected products
Products
Risk Level: HIGH (Low/Medium/High/Critical)
F-Secure Anti-Virus for Microsoft Exchange 6.40
F-Secure Internet Gatekeeper 6.50, 6.42, 6.41, 6.40 versions
Note: Earlier versions of F-Secure Service Platform for Service Providers are known as F-Secure Personal Express
Mitigating Factors
Web Console for F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper are configured by default to accept local host connections only meaning that it is possible to access the Web Console only from the local machine. There is no known exploit for this buffer overflow.
Credit
F-Secure want to thank Mikko Korppi for bringing this issue to our attention.
Patch Available
| Product | Versions | Download |
|---|---|---|
| AF-Secure Anti-Virus for Microsoft Exchange | 6.40 | Apply hotfix for F-Secure Anti-Virus for Microsoft Exchange 6.40: ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse640-05.zip |
| F-Secure Internet Gatekeeper | 6.50 | Upgrade to F-Secure Internet Gatekeeper 6.60 or apply hotfix for the F-Secure Internet Gatekeeper 6.50: ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk650-01.zip |
| F-Secure Internet Gatekeeper | 6.42, 6.41, 6.40 | Upgrade to F-Secure Internet Gatekeeper 6.60 |
Date Issued: 2006-06-01
Last Updated: 2006-06-01
2006 Security Advisories
- FSC-2006-6: OpenSSL Denial of Service Vulnerability (2006-11-29)
- FSC-2006-5: Deeply Nested Malformed MIME Denial of Service Attack (2006-07-14)
- FSC-2006-4: Scanning Bypass Vulnerability (2006-06-28)
- FSC-2006-3: Buffer overflow in Web Console of F-Secure Anti-Virus (2006-06-01)
- FSC-2006-2: Sendmail MTA Security Vulnerability (2006-03-28)
- FSC-2006-1: Code Execution Vulnerability in ZIP and RAR Archive Handling (2006-01-19)
