Security Advisories

FSC-2020-3: Multiple Buffer Overflow Vulnerabilities in F-Secure Linux Security

Summary

Multiple buffer overflow vulnerabilities can lead local privilege escalation.

STATUS: RESOLVED

RISK LEVEL: MEDIUM

FIX: Hotfix 10 has been published to fix this vulnerability. Download and instructions on: https://www.f-secure.com/en/business/downloads/linux-security

Affected Products

Corporate Products:

  • F-Secure Linux Security version 11.xx
  • F-Secure PSB Linux Security version 11.xx
  • F-Secure Policy Manager for Linux 11.xx

Platforms

  • All supported platforms of the affected products

More Information

A vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products allows multiple buffer overflows if the input is larger than the destination. The exploit can be triggered locally by an attacker. A successful attack can lead to local privilege escalation. 

This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Mitigating Factors

An attacker would require local code execution rights for successful exploitation.

Fix Available

Product Versions Fix
F-Secure Linux Security 11.xx Hotfix 10 has been published to fix this vulnerability. Download and instructions on:
https://www.f-secure.com/en/business/downloads/linux-security

Credits

F-Secure Corporation would like to thank Gustav Larsson (https://gustavlarsson.fi) for bringing this issue to our attention.

Date Issued: 2020-11-12