FSC-2020-2: Local Non-Root User Can Rename or Delete System Files in Linux Security
Summary
A local user can rename or delete arbitrary files owned by root in Linux Security.
STATUS: RESOLVED
RISK LEVEL: LOW
FIX: Hotfix 9 was published to fix this vulnerability. Download and instructions on: https://www.f-secure.com/en/business/downloads/linux-security
Affected Products
Corporate Products:
- F-Secure Linux Security Version 11.00
- F-Secure Linux Security Version 11.10
- F-Secure Linux Security 64
Platforms
- All supported platforms of the affected products
More Information
It is possible for a local non-root user to cause arbitrary system files to be renamed or deleted, leading to a permanent corruption (DoS) of the operating system or to disabled antivirus software. This requires that an attacker has gained prior access to a non-privileged user account on the machine. This vulnerability affects F-Secure Linux Security 11-series and F-Secure Linux Security 64.
Technical details are available from the researcher's website:
https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/
Note: No known attacks have been reported or observed in the wild.
Mitigating Factors
For F-Secure Linux Security 64, the fix 12.0.146 was released to production via automatic update channel on 2020-04-29.
Fix Available
| Product | Versions | Fix |
|---|---|---|
| F-Secure Linux Security | 11.00 11.10 |
Hotfix 9 was published to fix this vulnerability. Download and instructions on: |
Date Issued: 2020-05-19