F-Secure Products RPM File Handling Integer Overflow Vulnerability

Impact

• Denial of Service
• Remote Code Execution

System / Technologies affected

• F-Secure Internet Security 2008
• F-Secure Internet Security 2007 Second Edition
• F-Secure Internet Security 2007
• F-Secure Internet Security 2006
• F-Secure Anti-Virus 2008
• F-Secure Anti-Virus 2007 Second Edition
• F-Secure Anti-Virus 2007
• F-Secure Anti-Virus 2006
• F-Secure Client Security 7.12 and prior
• F-Secure Anti-Virus for Workstations 7.11 and prior
• F-Secure Linux Security 7.01 and prior
• F-Secure Anti-Virus Linux Client Security 5.54 and prior
• Solutions based on F-Secure Protection Service for Consumers version 8.00 and prior
• Solutions based on F-Secure Protection Service for Business version 3.10 and prior
• F-Secure Home Server Security 2009
• F-Secure Anti-Virus for Windows Servers 8.00 and prior
• F-Secure Anti-Virus for Citrix Servers 7.00 and prior
• F-Secure Linux Security 7.01 and prior
• F-Secure Anti-Virus Linux Server Security 5.54 and prior
• F-Secure Anti-Virus for Linux Servers 4.65
• F-Secure Anti-Virus for Microsoft Exchange 7.10 and prior
• F-Secure Internet Gatekeeper for Windows 6.61 and prior
• F-Secure Internet Gatekeeper for Linux 2.16 and prior
• F-Secure Anti-Virus for Linux Gateways 4.65
• F-Secure Anti-Virus for MIMEsweeper 5.61 and prior
• F-Secure Messaging Security Gateway 5.0.4 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

• Apply patches :
  http://www.f-secure.com/security/fsc-2008-3.shtml

Vulnerability Identifier

• No CVE information is available

Source

• FrSIRT
• Secunia
• F-Secure

Related Link

• http://www.frsirt.com/english/advisories/2008/2874
• http://secunia.com/advisories/32352/
• http://www.f-secure.com/security/fsc-2008-3.shtml