



Security Advisory FSC-2006-3

Buffer overflow in Web console of F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper

Date issued: 2006-06-01
Last updated: 2006-06-01
Risk factor: High (Low/Medium/High/Critical)
Brief description: There is a buffer overflow vulnerability in the web console before authentication takes place. The overflow may crash the web console process. By default, connections are allowed only from the local host.

To solve the problem, apply the appropriate hotfix.
Software: F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper
Affected versions: F-Secure Anti-Virus for Microsoft Exchange 6.40
F-Secure Internet Gatekeeper 6.50, 6.42, 6.41, 6.40 versions
Affected platforms: All platforms supported by the affected products
Advisory location: http://www.f-secure.com/security/fsc-2006-3.shtml
Issue: There is a buffer overflow vulnerability in the web console before authentication takes place. The overflow may crash the web console process, leaving the product running without web console access. By default, connections are allowed only from the local host.

It may be possible to execute arbitrary code with this vulnerability. There are currently no known exploits for it.

To solve the problem, apply the appropriate hotfix.
Products: F-Secure Anti-Virus for Microsoft Exchange 6.40
F-Secure Internet Gatekeeper 6.50, 6.42, 6.41, 6.40 versions
Scenario 1: Default configuration. The Web Console is configured by default to accept connections only from the local host.
Risk factor: Medium

It is possible to exploit the buffer overflow vulnerability from the local host.

To solve the problem, apply the appropriate hotfix.
Scenario 2: The Web Console is configured to allow connections from specific/trusted hosts.
Risk factor: Medium

It is possible to exploit the buffer overflow vulnerability from those hosts from which connections are allowed.

To solve the problem, apply the appropriate hotfix.
Scenario 3: The Web Console is configured to allow connections from all hosts.
Risk factor: Critical

It is possible to exploit the buffer overflow vulnerability from all hosts.

To solve the problem, apply the appropriate hotfix.
Mitigating factors:
  • The Web Console for F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper is configured by default to accept local host connections only, meaning that the Web Console can be accessed only from the local machine.
  • There is no known exploit for this buffer overflow.

Available patches:

Product Versions Hotfix ID Download
F-Secure Anti-Virus for Microsoft Exchange 6.40 Apply hotfix for F-Secure Anti-Virus for Microsoft Exchange 6.40: ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse640-05.zip
F-Secure Internet Gatekeeper 6.50 Upgrade to F-Secure Internet Gatekeeper 6.60 or apply hotfix for the F-Secure Internet Gatekeeper 6.50: ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk650-01.zip
F-Secure Internet Gatekeeper 6.42, 6.41, 6.40 Upgrade to F-Secure Internet Gatekeeper 6.60
Credits: We thank Mikko Korppi for bringing this issue to our attention.
Revision history: FSC-2006-3 / 2006-06-01

Contact information:
Support: http://www.f-secure.com/en_EMEA/support/