F-Secure Security Bulletin FSC-2004-1
Date issued | 2004-05-26 |
Revision history | FSC-2004-1.1 - 2004-05-26 |
Risk factor | High (Low/Medium/High/Critical) |
Brief description | Certain malformed LHA archives cause a buffer overflow when they are scanned for viruses. The error typically causes a restart of one of the modules in the product. This leads to performance degradation and makes denial of service attacks possible. Installing a hotfix solves the problem. |
Affected software | F-Secure's antivirus products |
Affected versions | F-Secure Anti-Virus for Workstations 5.42 and earlier; F-Secure Anti-Virus for Windows Servers 5.42 and earlier; F-Secure Anti-Virus for MIMEsweeper 5.42 and earlier; F-Secure Anti-Virus Client Security 5.52 and earlier; F-Secure Anti-Virus for MS Exchange 6.21 and earlier; F-Secure Internet Gatekeeper 6.32 and earlier; F-Secure for Firewalls 6.20 and earlier; F-Secure Internet Security 2004 and earlier; F-Secure Anti-Virus 2004 and earlier; Solutions based on F-Secure Personal Express 4.5x, 4.6x and 4.7x; F-Secure Anti-Virus for Linux Workstations 4.52 and earlier; F-Secure Anti-Virus for Linux Servers 4.52 and earlier; F-Secure Anti-Virus for Linux Gateways 4.52 and earlier; F-Secure Anti-Virus for Samba Servers 4.60 |
Affected platforms | All platforms supported by the affected products |
Bulletin location | http://www.F-Secure.com/security/fsc-2004-1.shtml |
Issue: | Certain types of malformed LHA archives cause a buffer overflow in the module that accesses the contents of archive files. This error leads to an automatic shutdown and restart of that particular module. The computer does not restart or crash in this situation. The typical impact of this is a temporary performance degradation that may be used as a denial of service attack under some circumstances. The practical impact is different for different product groups. |
Products: | F-Secure Internet Security 2004; F-Secure Anti-Virus 2004; Solutions based on F-Secure Personal Express 4.6x and 4.7x |
Risk Factor: | Low. These products contain the vulnerability, but hotfixes are distributed automatically by the delivery system. Users of these products do not need to take any action. |
Products: | F-Secure Anti-Virus for Workstations 5.42 and earlier; F-Secure Anti-Virus for Windows Servers 5.42 and earlier; F-Secure Anti-Virus Client Security 5.52 and earlier |
Risk Factor: | Medium. The on-access scanning feature of these products is not vulnerable in its default configuration. Scanning malformed archives of this type causes a module shutdown and restart if the "scan inside archives" setting is enabled. This has a temporary impact on system performance. On-demand scans will terminate when the malformed file is encountered. This may prevent viruses in other files from being detected. Malformed archives in e-mails scanned by F-Secure Anti-Virus Client Security will cause a module shutdown and restart in a way that is similar to the on-access scanner. The mail message containing the malformed archive will be handled according to the product settings for malformed messages. F-Secure recommends that users of these products apply the hotfix. |
Products: | F-Secure Anti-Virus for MIMEsweeper 5.42 and earlier; F-Secure Internet Gatekeeper 6.32 and earlier; F-Secure for Firewalls 6.20 and earlier |
Risk Factor: | Medium. Gateway products that encounter a malformed archive of this kind will shut down and restart the offending module automatically. The performance degradation caused by this may be used as a denial of service attack. Mail containing malformed archives of this kind will be handled according to the product settings for malformed messages. F-Secure recommends that users of these gateway products apply the hotfix as soon as possible. |
Products: | F-Secure Anti-Virus for MS Exchange 6.21 and earlier |
Risk Factor: | High. A malformed archive of this kind may cause an endless loop and stop the MS Exchange scanner from processing mail messages until the product is restarted. F-Secure recommends that users of this gateway product apply the hotfix as soon as possible. |
Products: | F-Secure Anti-Virus for Workstations 5.31 and earlier; F-Secure Anti-Virus for Windows Servers 5.31 and earlier |
Risk Factor: | High. These outdated products are not able to handle the buffer overflow and may cause a system crash if malformed archives of this kind are scanned. F-Secure recommends that users of these outdated versions upgrade to the latest supported version as soon as possible and apply the required hotfix if needed. |
Products: | F-Secure Anti-Virus for Linux Workstations 4.52 and earlier; F-Secure Anti-Virus for Linux Servers 4.52 and earlier; F-Secure Anti-Virus for Linux Gateways 4.52 and earlier; F-Secure Anti-Virus for Samba Servers 4.60 |
Risk Factor: | Medium. The malformed archive will cause a shutdown and restart of the engine instance that handled it. This leads to a temporary performance degradation. The impact on system throughput should only be significant in heavily loaded mail scanning applications. F-Secure recommends that users of these products apply the hotfix. |
Mitigating Factors: | |
Patch Availability: | |
Contact Information: | Support: http://support.f-secure.com; Security email: security@F-Secure.com |