| Date issued |
2007-05-30 |
| Last updated |
2007-05-22 |
| Risk factor |
High (Low/Medium/High/Critical) |
| Brief description |
Specially crafted archives and packed executables set antivirus scanning to loop.
|
| Software |
F-Secure's Anti-Virus products for Microsoft Windows and Linux
|
| Affected versions |
F-Secure Anti-Virus for Workstations version 7.00 and earlier
F-Secure Anti-Virus for Windows Servers version 7.00 and earlier
F-Secure Anti-Virus for Citrix Servers version 5.52
F-Secure Anti-Virus for MIMEsweeper version 5.61 and earlier
F-Secure Anti-Virus Client Security version 7.00 and earlier
F-Secure Anti-Virus for MS Exchange version 7.00 and earlier
F-Secure Internet Gatekeeper version 6.60 and earlier
F-Secure Internet Security 2005, 2006 and 2007
F-Secure Anti-Virus 2005, 2006 and 2007
Solutions based on F-Secure Protection Service for Consumers version 7.00 and earlier
F-Secure Anti-Virus for Linux Servers version 4.65 and earlier
F-Secure Anti-Virus for Linux Gateways version 4.65 and earlier
F-Secure Anti-Virus Linux Client Security 5.52 and earlier
F-Secure Anti-Virus Linux Server Security 5.52 and earlier
F-Secure Internet Gatekeeper for Linux 2.16 and earlier
|
| Affected platforms |
All platforms supported by the affected products |
| Bulletin location |
http://www.f-secure.com/security/fsc-2007-3.shtml |
 |
| Issue: |
Specially crafted archives and packed executables allow attacker to create denial-of-service condition in F-Secure antivirus solutions, by causing a loop in file scanning.
|
| Products: |
F-Secure Internet Security 2005, 2006 and 2007
F-Secure Anti-Virus 2005, 2006 and 2007
Solutions based on F-Secure Protection Service for Consumers version 7.00 and earlier
|
| Risk Factor: |
High
These products contain the described vulnerabilities. However recent antivirus database updates have automatically fixed both of the mentioned issues, without any intervention needed by the user/administrator.
|
| Products: |
F-Secure Anti-Virus for Workstations 7.00 and earlier
|
| Risk Factor: |
High
These products contain the described vulnerabilities. However recent antivirus database updates have automatically fixed both of the mentioned issues, without any intervention needed by the user/administrator.
|
| Products: |
F-Secure Anti-Virus Client Security version 7.00 and earlier
|
| Risk Factor: |
High
These products contain the described vulnerabilities. However recent antivirus database updates have automatically fixed both of the mentioned issues, without any intervention needed by the user/administrator.
|
| Server and gateway products: |
F-Secure Anti-Virus for Windows Servers 7.00 and earlier
F-Secure Anti-Virus for Citrix Servers version 5.52 and earlier
F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier
F-Secure Internet Gatekeeper 6.60 and earlier
F-Secure Anti-Virus for MS Exchange version 7.00 and earlier
F-Secure Anti-Virus Linux Server Security 5.52 and earlier
F-Secure Anti-Virus for Linux Servers version 4.65 and earlier
F-Secure Anti-Virus for Linux Gateways version 4.65 and earlier
F-Secure Internet Gatekeeper for Linux 2.16
|
| Risk Factor: |
High
These products contain the described vulnerabilities. However recent antivirus database updates have automatically fixed both of the mentioned issues, without any intervention needed by the user/administrator.
|
| Mitigating Factors: |
- Exploitation of the vulnerabilities requires specially crafted archives or packed executables.
- Vulnerability in archive scanning concerns only those products that scan inside archives by default.
- These issues have been fixed automatically in F-Secure database updates. This applies all the affected product versions with the exception of deployments not using automatic or automated scripts for the updates.
|
| Patch availability: |
| Product | Versions | Hotfix ID | Download |
| F-Secure Internet Security 2005 - 2007 | 2005 - 2007 | Fixed automatically in database updates |
| F-Secure Anti-Virus 2005 - 2007 | 2005 - 2007 |
| F-Secure Protection Service for Consumers | 7.00 and earlier |
| F-Secure Anti-Virus for Workstations | 5.44 - 7.00 |
| F-Secure Anti-Virus Client Security | 6.00 - 7.00 |
| F-Secure Anti-Virus for Windows Servers | 5.52 - 7.00 |
| F-Secure Anti-Virus for Citrix Servers | 5.50 - 5.52 |
| F-Secure Anti-Virus for MIMEsweeper | 5.61 |
| F-Secure Anti-Virus for MS Exchange | 6.40 - 6.62 |
| F-Secure Internet Gatekeeper | 6.60 |
| F-Secure Anti-Virus for Linux Servers | 4.64 - 4.65 |
| F-Secure Anti-Virus for Linux Gateways | 4.64 - 4.65 |
| F-Secure Anti-Virus Linux Client Security | 5.30 - 5.52 |
| F-Secure Anti-Virus Linux Server Security | 5.30 - 5.52 |
| F-Secure Internet Gatekeeper for Linux | 2.16 |
|
| Credits: |
F-Secure wants to thank Sergio Alvarez in n.runs AG for reporting these issues.
|
| Revision History: |
FSC-2007-3 - 2007-05-30
|
![](/images/pixel.gif"){kind=tracking}
