A local user can rename arbitrary files to *.virus.
Status: Resolved. Hotfix 7 has been released to fix this vulnerability: here
It is possible for a local non-root user to cause arbitrary system files to be renamed to *.virus, leading to a permanent corruption (DoS) of the operating system. This vulnerability affects F-Secure Linux Security and requires that an attacker has gained prior access to a non-privileged user account on the machine.
This issue and a Proof-of-Concept exploit were reported privately to F-Secure as part of our Vulnerability Reward Program. No known attacks have been reported or observed in the wild.
A malicious user must have file creation and code execution rights on the machine prior to successful exploitation.
F-Secure Corporation would like to thank RACK911LABS.COM for bringing this issue to our attention.
Date Issued: 2018-10-16