Multiple buffer overflow vulnerabilities can lead to local privilege escalation.
STATUS: RESOLVED
RISK LEVEL: MEDIUM
FIX: Hotfix 10 has been published to fix this vulnerability. Download and instructions are available at: https://www.f-secure.com/en/business/downloads/linux-security
Corporate Products:
A vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products allows multiple buffer overflows if the input is larger than the destination buffer. The vulnerability can be triggered locally by an attacker. A successful attack can lead to local privilege escalation.
This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
An attacker would require local code execution rights for successful exploitation.
Product | Versions | Fix |
---|---|---|
F-Secure Linux Security | 11.xx | Hotfix 10 has been published to fix this vulnerability. Download and instructions are available at: https://www.f-secure.com/en/business/downloads/linux-security |
F-Secure Corporation would like to thank Gustav Larsson (https://gustavlarsson.fi) for bringing this issue to our attention.
Date Issued: 2020-11-12