Product Security

FSC-2010-1: Malformed Archive Bypass Vulnerability

 

Brief Description

Malware inside specially crafted 7Z, GZIP, CAB or RAR archive files may remain undetected. The issue with 7Z archive files is corrected automatically in all affected products. Fixing the issue with other archive files may require manual installation of a fix on some systems.

Affected Platforms   

All platforms supported by the affected products.

Products

Risk Level: MEDIUM (Low/Medium/High/Critical)

•  Solutions based on F-Secure Protection Service for Business - E-mail and Server security version 9 and earlier
•  F-Secure Anti-Virus for Microsoft Exchange 9 and earlier
•  F-Secure Internet Gatekeeper for Windows 6.61 and earlier
•  F-Secure Internet Gatekeeper for Linux 4.02 and earlier
•  F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier

Notes
These products are typically deployed in a role where they scan files in transit to other systems. Failure to detect malware inside the specially crafted archives does not endanger the integrity of these systems, but it is a failure to perform the products’ main task and can lead to increased risk for other systems. All administrators of these products are instructed to check whether manual actions are required and to make sure that the needed fixes are applied.

 

Risk Level: LOW (Low/Medium/High/Critical)

•  F-Secure Internet Security 2010 and earlier
•  F-Secure Anti-Virus 2010 and earlier
•  F-Secure Home Server Security 2009
•  Solutions based on F-Secure Protection Service for Consumers version 9 and earlier
•  Solutions based on F-Secure Protection Service for Business - Workstation security version 9 and earlier
•  Solutions based on F-Secure Protection Service for Business - Server Security version 8 and earlier
•  Services based on F-Secure Mac Protection build 8060 and earlier
•  F-Secure Client Security 9 and earlier
•  F-Secure Anti-Virus for Workstations 9 and earlier
•  F-Secure Anti-Virus for Windows Servers 9 and earlier
•  F-Secure Linux Security 7.03 and earlier
•  F-Secure Anti-Virus Linux Client Security 5.54 and earlier
•  F-Secure Anti-Virus Linux Server Security 5.54 and earlier
•  F-Secure Anti-Virus for Linux Servers 4.65
•  F-Secure Anti-Virus for Citrix Servers 9 and earlier

Notes
These products support scanning inside archive files to detect malware that enters the system at an early stage. Failure to detect the malware inside the archives will delay detection, but the malware will still be detected when extracted or executed. Administrators of these systems can check the list of available fixes to ensure maximal protection.
 

Mitigating Factors

A fix for the problem has been distributed through the update channel for many products. User actions are needed only for products that don’t support automatic update of software components.

The vulnerability does not affect the products’ ability to detect malware that has been extracted from the archive types affected. Failure to detect malware inside the archive may just delay detection or make it possible to pass on archives containing infected files.

Credit

F-Secure want to thank ReversingLabs (http://www.reversinglabs.com) for reporting this issue.

Patch Available

| Product | Versions | Download |
|---|---|---|
| F-Secure Internet Security, F-Secure Anti-Virus | All versions | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| Solutions based on F-Secure Protection Service for Business - E-mail and Server security | All versions | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| Solutions based on F-Secure Protection Service for Business - Workstation security | All versions | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| Solutions based on F-Secure Protection Service for Business - Server Security | All versions | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| Solutions based on F-Secure Protection Service for Consumers | All versions | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| Services based on F-Secure Mac Protection | All versions | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| F-Secure Client Security | 8 - 9 | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| F-Secure Anti-Virus for Workstations | 8 - 9 | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| F-Secure Anti-Virus for Windows Servers | 8 - 9 | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| F-Secure Anti-Virus for Microsoft Exchange | 9 | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| F-Secure Anti-Virus for Citrix Servers | 8 - 9 | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| F-Secure Anti-Virus for Microsoft Exchange | 6.62 | ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse662-10.zip |
| F-Secure Anti-Virus for Microsoft Exchange | 7.10 | ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse710-06.zip |
| F-Secure Anti-Virus for Microsoft Exchange | 8.00 | ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse800-03.zip |
| F-Secure Anti-Virus for Citrix Servers | 7.00 | ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAV744-11.fsfix |
| F-Secure Internet Gatekeeper for Linux | 2.16 – 4.02 | ftp://ftp.f-secure.com/support/hotfix/fsav-linux/libfm.4.10.16130.tar.gz ; Upgrade to version 4.03: http://www.f-secure.com/en_EMEA/downloads/product-updates/internet-gatekeeper-for-linux/ |
| F-Secure Internet Gatekeeper for Windows | 6.61 | ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk661-06.zip |
| F-Secure Anti-Virus for MIMEsweeper | 5.61 | ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSR561-05.fsfix |
| F-Secure Linux Security | 7.03 | ftp://ftp.f-secure.com/support/hotfix/fsav-linux/libfm.4.10.16130.tar.gz |

Date Issued: 2010-04-12
Last Updated: 2010-04-12
