F-Secure Anti-Virus filename scan detection bypass

fsecure-antivirus-filename-security-bypass (27498) The risk level is classified as Medium Risk

Description:

Multiple F-Secure Anti-Virus products are vulnerable to a security bypass caused by improper validation of filenames. A remote attacker could exploit this vulnerability by creating a malicious file with a specially crafted filename that bypasses scan detection on vulnerable systems.


Consequences:

Bypass Security

Remedy:

Refer to F-Secure Security Bulletin FSC-2006-4 for patch or upgrade information. See References.

References:

  • F-Secure Security Bulletin FSC-2006-4: Scanning bypass vulnerability in antivirus products for Windows.
  • BID-18693: F-Secure Multiple Products Scan Evasion Vulnerabilities
  • CVE-2006-3489: F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier allows remote attackers to bypass anti-virus scanning via a crafted filename.
  • OSVDB ID: 26875: F-Secure Antivirus Crafted Executable Name Scan Bypass
  • SA20858: F-Secure Antivirus Products Scanning Bypass Vulnerability
  • SECTRACK ID: 1016400: F-Secure Internet Security May Not Scan Files With Modified Filenames
  • SECTRACK ID: 1016401: F-Secure Anti-Virus May Not Scan Files With Modified Filenames
  • VUPEN/ADV-2006-2573: F-Secure Products Executable File Handling Real-time Scanning Bypass Vulnerabilities

Platforms Affected:

  • F-Secure Anti-Virus Client Security 6.01 and prior
  • F-Secure Anti-Virus for Citrix Servers 5.50 - 5.52
  • F-Secure Anti-Virus for MIMEsweeper 5.61 and prior
  • F-Secure Anti-Virus for Windows Servers 5.52
  • F-Secure Anti-Virus for Workstation 5.44
  • F-Secure AntiVirus for Windows 2003 - 2006
  • F-Secure Internet Security for SPs 6.xx
  • F-Secure Internet Security for Windows 2003 - 2006

Reported:

Jun 28, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
