A local user can rename arbitrary files to *.virus.
Status: Resolved. Hotfix 7 has been released to fix this vulnerability: https://www.f-secure.com/en/business/downloads/linux-security
It is possible for a local non-root user to cause arbitrary system files to be renamed to *.virus, leading to a permanent corruption (DoS) of the operating system. This vulnerability affects F-Secure Linux Security and requires that an attacker has gained prior access to a non-privileged user account on the machine.
This issue and a Proof-of-Concept exploit were reported privately to F-Secure as part of our Vulnerability Reward Program. No known attacks have been reported or observed in the wild.
A malicious user must have file creation and code execution rights on the machine prior to successful exploitation.
|F-Secure Linux Security||
Hotfix 7 can be downloaded from: https://www.f-secure.com/en/business/downloads/linux-security
Note: This security hotfix is for Linux Security 11.XX versions. As per our Support Policy, users with older versions are advised to upgrade to a newer version with security hotfixes support.
F-Secure Corporation would like to thank RACK911LABS.COM for bringing this issue to our attention.
Date Issued: 2018-10-16