Security Advisories
FSC-2020-3: Multiple Buffer Overflow Vulnerabilities in F-Secure Linux Security
Summary
Multiple buffer overflow vulnerabilities can lead local privilege escalation.
STATUS: RESOLVED
RISK LEVEL: MEDIUM
FIX: Hotfix 10 has been published to fix this vulnerability. Download and instructions on: https://www.f-secure.com/en/business/downloads/linux-security
Affected Products
Corporate Products:
- F-Secure Linux Security version 11.xx
- F-Secure PSB Linux Security version 11.xx
- F-Secure Policy Manager for Linux 11.xx
Platforms
- All supported platforms of the affected products
More Information
A vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products allows multiple buffer overflows if the input is larger than the destination. The exploit can be triggered locally by an attacker. A successful attack can lead to local privilege escalation.
This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
Mitigating Factors
An attacker would require local code execution rights for successful exploitation.
Fix Available
| Product | Versions | Fix |
|---|---|---|
| F-Secure Linux Security | 11.xx | Hotfix 10 has been published to fix this vulnerability. Download and instructions on: https://www.f-secure.com/en/business/downloads/linux-security |
Credits
F-Secure Corporation would like to thank Gustav Larsson (https://gustavlarsson.fi) for bringing this issue to our attention.
Date Issued: 2020-11-12