Eng en

Select Country or Region

Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

You are here: News Security advisories 2008 FSC-2008-1: CAB and RAR Archive Scanning Vulnerabilities

Security advisories

FSC-2008-1: CAB & RAR Archive Scanning Vulnerabilities

 

Brief Description

Specially crafted CAB and RAR archives can bypass antivirus scanning.

Affected Platforms   

All supported platforms

Products

Clients

Risk Level: MEDIUM (Low/Medium/High/Critical)

User is able to move infected archives to and from client, but client does not get infected.

•  F-Secure Internet Security 2008
•  F-Secure Internet Security 2007 Second Edition
•  F-Secure Internet Security 2007
•  F-Secure Internet Security 2006
•  F-Secure Anti-Virus 2008
•  F-Secure Anti-Virus 2007 Second Edition
•  F-Secure Anti-Virus 2007
•  F-Secure Anti-Virus 2006
•  F-Secure Client Security 7.10
•  F-Secure Client Security 7.01
•  F-Secure Anti-Virus Client Security 6.04
•  F-Secure Anti-Virus Client Security 6.03
•  F-Secure Anti-Virus for Workstations 7.10
•  F-Secure Anti-Virus for Workstations 7.00
•  F-Secure Anti-Virus for Workstations 5.44
•  F-Secure Anti-Virus Linux Client Security 5.53
•  F-Secure Anti-Virus Linux Client Security 5.52
•  F-Secure Anti-Virus for Linux 4.65
•  Solutions based on F-Secure Protection Service for Consumers version 7.00 and earlier
•  Solutions based on F-Secure Protection Service for Business version 3.00 and earlier

 

Servers

Risk Level: MEDIUM (Low/Medium/High/Critical)

User is able to move infected content to and from servers

•  F-Secure Anti-Virus for Windows Servers 7.00
•  F-Secure Anti-Virus for Windows Servers 5.52
•  F-Secure Anti-Virus for Citrix Servers 5.52
•  F-Secure Anti-Virus Linux Server Security 5.53
•  F-Secure Anti-Virus Linux Server Security 5.52

 

Gateways

Risk Level: CRITICAL (Low/Medium/High/Critical)

The gateway passes archives unscanned.

•  F-Secure Anti-Virus for Microsoft Exchange 7.0
•  F-Secure Anti-Virus for Microsoft Exchange 6.62
•  F-Secure Internet Gatekeeper 6.61, Windows
•  F-Secure Internet Gatekeeper for Linux 2.16
•  F-Secure Anti-Virus for MIMEsweeper 5.61
•  F-Secure Messaging Security Gateway 4.0.7 and earlier
 

Mitigating Factors

Exploitation of these vulnerabilities requires specially crafted archives. The CAB issue has been fixed automatically in F-Secure database updates, while fixing the RAR archive scanning requires installing the hotfix below.

Client software catches hostile content after CAB/RAR container is opened thus making infection impossible. Server software does not scan by default CAB/RAR packed content. When the container is opened the exposed content is scanned thus making infection impossible.

Server software does not scan by default CAB/RAR packed content. When the container is opened the exposed content is scanned thus making infection impossible.

Credit

F-Secure wants to thank Mr Thierry Zoller at n.runs AG for reporting these issues.

Patch Available

Product Versions Download
F-Secure Anti-Virus Client Security 6.03
6.04		 ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk604-01-signed.fsfix
F-Secure Client Security 7.01-7.10 ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsav741-02-signed.fsfix
F-Secure Anti-Virus for Workstations 5.44 ftp://ftp.f- secure.com/support/hotfix/fsav/fsavwk572-01-signed.fsfix
F-Secure Anti-Virus for Workstations 7.00-7.10 ftp://ftp.f-secure.com/support/hotfix/fsav/fsav741-02-signed.fsfix
F-Secure Anti-Virus for Windows Servers 5.52 ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr552-14-signed.fsfix
F-Secure Anti-Virus for Windows Servers 7.00 ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsav720-03-signed.fsfix
F-Secure Anti-Virus for Citrix Servers 5.52 ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr552-14-signed.fsfix
F-Secure Anti-Virus Linux Client Security 5.52 http://www.f- secure.com/webclub/fscsl.html
F-Secure Anti-Virus Linux Client Security 5.53 http://www.f- secure.com/webclub/fscsl.html
F-Secure Anti-Virus Linux Server Security 5.52 http://www.f- secure.com/webclub/fsssl.html
F-Secure Anti-Virus Linux Server Security 5.53 http://www.f- secure.com/webclub/fsssl.html
F-Secure Anti-Virus for Linux Gateways 4.65 http://www.f- secure.com/webclub/fsavgwl.html
F-Secure Anti-Virus for Linux Servers 4.65 http://www.f- secure.com/webclub/fsavsrvl.html
F-Secure Anti-Virus for Microsoft Exchange 6.62 ftp://ftp.f- secure.com/support/hotfix/fsav-mse/fsavmse662-04.zip
F-Secure Anti-Virus for Microsoft Exchange 7.00 ftp://ftp.f- secure.com/support/hotfix/fsav-mse/fsavmse700-01.zip
F-Secure Internet Gatekeeper 6.61 ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk661-01.zip
F-Secure Internet Gatekeeper for Linux 2.16 http://www.f- secure.com/webclub/fsigkl.html
F-Secure Anti-Virus for MIMEsweeper 5.61 ftp://ftp.f-secure.com/support/hotfix/fsav-msw/fsavsr552-14-signed.fsfix
F-Secure Messaging Security Gateway 3.x Unsupported version. Please upgrade to the latest version.
F-Secure Messaging Security Gateway 4.0.6
4.0.7		 Packages will be available in the update channel, and installed automatically.
Protection Services For Consumers 5 and 6 Packages will be available in the update channel, and installed automatically.
Protection Services For Businesses 3 Packages will be available in the update channel, and installed automatically.
F-Secure Internet Security 2006, 2007, 2007 Second Edition, 2008 Packages will be available in the update channel, and installed automatically.

 

Date Issued: 2008-02-13
Last Updated: 2008-02-19

Get Support online

For documentation and product support, visit our Support site.

 

Go Support

F-Secure Community

 
Give advice. Get advice. Share the knowledge on our free discussion forum.

Go to Community