Product Security

FSC-2009-1: ZIP & RAR Archive Evasion Vulnerability

 

Brief Description

Malware inside specially crafted archive files remains undetected.

Affected Platforms   

All supported platforms
 

Products

Gateways

Risk Level: HIGH (Low/Medium/High/Critical)

•  F-Secure Anti-Virus for Microsoft Exchange 7.10 and earlier
•  F-Secure Internet Gatekeeper for Windows 6.61 and earlier
•  F-Secure Internet Gatekeeper for Linux 2.16 and earlier
•  F-Secure Internet Gatekeeper for Linux Japanese 3.01 and earlier
•  Solutions based on F-Secure Protection Service for Business - E-mail and Server security version 8.00 and earlier

Notes
The vulnerability may cause malware to remain undetected and pass through gateway scanners. The vulnerability does not compromise the integrity of the system used to run the product. Note that the Beta and Release Candidate versions of F-Secure Anti-Virus for Microsoft Exchange 8.0 are vulnerable. Users testing these versions are instructed to upgrade to the RTM version which is not vulnerable.
 

Clients and servers

Risk Level: LOW (Low/Medium/High/Critical)

•  F-Secure Internet Security 2009 and earlier
•  F-Secure Anti-Virus 2009 and earlier
•  F-Secure Client Security 8.0 and earlier
•  F-Secure Anti-Virus for Workstations 8.0 and earlier
•  F-Secure Linux Security 7.01 and earlier
•  F-Secure Anti-Virus Linux Client Security 5.54 and earlier
•  Solutions based on F-Secure Protection Service for Consumers version 8.00 and earlier
•  Solutions based on F-Secure Protection Service for Business - Workstation security version 8.00 and earlier
•  F-Secure Home Server Security 2009
•  F-Secure Anti-Virus for Windows Servers 8.00 and earlier
•  F-Secure Anti-Virus for Citrix Servers 7.00 and earlier
•  F-Secure Linux Security 7.02 and earlier
•  F-Secure Anti-Virus Linux Server Security 5.54 and earlier
•  F-Secure Anti-Virus for Linux Servers 4.65
•  F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier

Notes
The vulnerability affects these products’ ability to scan inside archived files, but in the worst case it may delay detection of malware or enable the user to forward infected files to other systems. The severity is low as these products’ primary purpose is to protect the system they run on rather than stopping malware in transit. These products will not be patched as a direct result of this advisory, but they receive fixes as part of normal version upgrades.
 

Mitigating Factors

The vulnerability only affects the antivirus software’s ability to scan inside compressed archives. In general, compressed archives are scanned in gateway environments. In a typical configuration, on-access scanning does not scan inside compressed archives. Therefore, the vulnerability is insignificant in client environments.

Attackers can exploit the vulnerability by sending malware inside specially-made compressed file archives to users. At the time of publishing, there are no known exploits.

Patch Available

| Product | Versions | Download |
| --- | --- | --- |
| Solutions based on F-Secure Protection Service for Business - E-mail and Server security | All supported versions | Packages will be available in the update channel, and they are installed automatically. |
| F-Secure Anti-Virus for Microsoft Exchange | 7.10 | ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse710-05.zip ; Upgrade to version 8: http://www.f-secure.com/en_EMEA/downloads/product-updates/anti-virus-for-microsoft-exchange/ |
| F-Secure Anti-Virus for Microsoft Exchange | 7.00 | ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse700-04.zip ; Upgrade to version 8: http://www.f-secure.com/en_EMEA/downloads/product-updates/anti-virus-for-microsoft-exchange/ |
| F-Secure Anti-Virus for Microsoft Exchange | 6.62 | ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse662-08.zip ; Upgrade to version 8: http://www.f-secure.com/en_EMEA/downloads/product-updates/anti-virus-for-microsoft-exchange/ |
| F-Secure Internet Gatekeeper for Windows | 6.61 | ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk661-04.zip |
| F-Secure Internet Gatekeeper for Linux | 2.16 and earlier | Upgrade to version 3.02: http://www.f-secure.com/en_EMEA/downloads/product-updates/internet-gatekeeper-for-linux/ |
| F-Secure Internet Gatekeeper for Linux Japanese | 3.01 and earlier | http://www.f-secure.co.jp/support/menu.html |

Note: This hotfix is intended only for the Japanese version of the product.

F-Secure delivers patches for its supported product versions that are vulnerable. See further information on supported products and F-Secure’s Product Lifecycle Policy.

Revision history: FSC-2009-05-06

Date Issued: 2009-05-06
Last Updated: 2009-05-06
