FSC-2007-5: Scan Bypass Vulnerabilities with LHA & RAR Archives
F-Secure Policy Manager Server has a denial of service vulnerability in the fsmsh.dll host module. This may allow an attacker to cause a denial of service in F-Secure Policy Manager Server.
An attacker may remotely cause a denial of service in F-Secure Policy Manager Server by using NTFS reserved words as URL filenames.
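A detection check for the request pattern described above, as an added example that is not part of the advisory or of F-Secure's code: it flags HTTP requests whose path segments name a Windows reserved device. The name list comes from Microsoft's file-naming documentation and is assumed to be what the advisory means by "NTFS reserved words"; the log entries and paths are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Windows reserved device names, from Microsoft's file-naming documentation.
# Assumption: these are the "NTFS reserved words" the advisory refers to.
RESERVED = {"CON", "PRN", "AUX", "NUL",
            *(f"COM{i}" for i in range(1, 10)),
            *(f"LPT{i}" for i in range(1, 10))}

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST|PUT) (\S+) HTTP/[\d.]+"')

def reserved_segments(target):
    """Return the path segments of a request target that name a reserved device."""
    path = unquote(urlsplit(target).path)  # drop the query string, decode %xx
    hits = []
    for seg in re.split(r"[/\\]+", path):
        # Microsoft's guidance also warns against these names followed by an
        # extension ("NUL.txt"), and Windows strips trailing dots and spaces,
        # so compare only the part before the first dot.
        stem = seg.rstrip(". ").split(".", 1)[0].rstrip(" ")
        if stem.upper() in RESERVED:
            hits.append(seg)
    return hits

def flag_requests(log_lines):
    """Return [(line_number, [segments])] for requests naming a reserved device."""
    flagged = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        hits = reserved_segments(match.group(1)) if match else []
        if hits:
            flagged.append((number, hits))
    return flagged

# Constructed sample entries; hosts and paths are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - - [29/May/2007:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '10.0.0.9 - - [29/May/2007:10:00:02 +0000] "GET /updates/AUX HTTP/1.0" 500 0',
    '10.0.0.9 - - [29/May/2007:10:00:03 +0000] "GET /files/com1.txt?x=1 HTTP/1.0" 500 0',
    '10.0.0.5 - - [29/May/2007:10:00:04 +0000] "GET /docs/console.html HTTP/1.0" 200 90',
    '10.0.0.9 - - [29/May/2007:10:00:05 +0000] "GET /a/%6Eul HTTP/1.0" 500 0',
]

if __name__ == "__main__":
    for number, hits in flag_requests(SAMPLE_LOG):
        print(f"line {number}: reserved name in {hits}")
```

The same `reserved_segments` check can be applied at a reverse proxy or filter in front of an unpatched server to reject such requests until the upgrade or hotfix is installed.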
All platforms supported by the affected products
Risk Level: LOW (Low/Medium/High/Critical)
F-Secure Policy Manager Server 7.00
F-Secure Policy Manager Server 6.xx
F-Secure Policy Manager Server 5.xx
These products contain the vulnerability, but since the product is always installed on an internal company local area network and is not available through the public Internet, the risk factor of the problem is low.
F-Secure wants to thank David Maciejak for reporting this issue.
| F-Secure Policy Manager Server | 5.xx - 7.00 | Upgrade to F-Secure Policy Manager Server 7.01 | http://www.f-secure.com/webclub/fspm.html |
| F-Secure Policy Manager Server | 5.70 - 7.00 | fspms-700-60x-570-hotfix2.zip | ftp://ftp.f-secure.com/support/hotfix/fspm/fspms-700-60x-570-hotfix2.zip |
Date Issued: 2007-05-29
Last Updated: 2007-05-29
2007 Security advisories
- FSC-2007-6: EXE & Packed File Scanning Vulnerabilities (2007-09-27)
- FSC-2007-5: Scan Bypass Vulnerabilities with LHA & RAR Archives (2007-06-19)
- FSC-2007-4: Denial of Service Vulnerability in F-Secure Policy Manager Server host module (2007-05-30)
- FSC-2007-3: EXE & Packed File Scanning Vulnerabilities (2007-05-30)
- FSC-2007-2: IOCTL Vulnerability in Real-time Scanning Component (2007-05-30)
- FSC-2007-1: Buffer Overflow Vulnerability in Handling LHA Archives (2007-05-30)