

Product Security

FSC-2007-5: Scan Bypass Vulnerabilities with LHA & RAR Archives

 

Brief Description

F-Secure Policy Manager Server has a denial of service vulnerability in the fsmsh.dll host module. This may allow an attacker to carry out a denial of service attack against F-Secure Policy Manager Server.

An attacker may remotely cause a denial of service in F-Secure Policy Manager Server by using NTFS reserved words as URL filenames.
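
For servers that cannot be patched immediately, requests of this kind can be screened in access logs or rejected at a front-end filter. The following is an added example, not F-Secure code: it assumes a Common Log Format request field and uses the reserved device names from Microsoft's file-naming rules; the sample lines and paths are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Windows reserved device names, per Microsoft's file-naming rules
# (the advisory itself does not enumerate them).
RESERVED = {"CON", "PRN", "AUX", "NUL",
            *(f"COM{i}" for i in range(1, 10)),
            *(f"LPT{i}" for i in range(1, 10))}

# Assumption: Common Log Format request field, e.g. "GET /path HTTP/1.1".
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def reserved_segments(url):
    """Return the path segments of url that resolve to a reserved device name."""
    path = unquote(urlsplit(url).path)  # decode %xx so encoded names are seen
    hits = []
    for seg in re.split(r"[/\\]", path):
        # Windows matches these names case-insensitively and ignores any
        # extension and trailing spaces, so "nul.txt" still names the device.
        base = seg.split(".", 1)[0].rstrip(" ").upper()
        if base in RESERVED:
            hits.append(seg)
    return hits


def flag_requests(log_lines):
    """Return (line_number, offending_segments) for log lines worth reviewing."""
    flagged = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match and (hits := reserved_segments(match.group(1))):
            flagged.append((number, hits))
    return flagged


# Constructed sample lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/May/2007:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [29/May/2007:10:00:07 +0000] "GET /docs/%6eul.txt HTTP/1.1" 500 0',
    '192.0.2.44 - - [29/May/2007:10:00:09 +0000] "GET /console/com10.css HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, hits in flag_requests(SAMPLE_LOG):
        print(f"line {number}: reserved device name in {hits}")
```

The same `reserved_segments` check can be used to reject a request before it reaches file-handling code, since it looks only at the decoded path and ignores the query string.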
 

Affected Platforms   

All platforms supported by the affected products
 

Products

Risk Level: LOW (Low/Medium/High/Critical)

Clients

F-Secure Policy Manager Server 7.00
F-Secure Policy Manager Server 6.xx
F-Secure Policy Manager Server 5.xx
 

Mitigating Factors

These products contain the vulnerability, but since the product is always installed on an internal company local area network and is not available through the public Internet, the risk factor of the problem is low.
 

Credit

F-Secure wants to thank David Maciejak for reporting this issue.
 

Patch Available

Product Versions | Hotfix ID | Download
F-Secure Policy Manager Server 5.xx - 7.00 | Upgrade to F-Secure Policy Manager Server 7.01 | http://www.f-secure.com/webclub/fspm.html
F-Secure Policy Manager Server 5.70 - 7.00 | fspms-700-60x-570-hotfix2.zip | ftp://ftp.f-secure.com/support/hotfix/fspm/fspms-700-60x-570-hotfix2.zip

Date Issued: 2007-05-29
Last Updated: 2007-05-29
