F-Secure Anti-Virus filename scan detection bypass
fsecure-antivirus-filename-security-bypass (27498)
Description:
Multiple F-Secure Anti-Virus products are vulnerable to a security bypass caused by improper validation of filenames. A remote attacker could exploit this vulnerability by creating a malicious file with a specially crafted filename that would bypass scan detection on vulnerable systems.
Platforms Affected:
- F-Secure, Anti-Virus Client Security 6.01 and prior
- F-Secure, Anti-Virus for Citrix Servers 5.50 - 5.52
- F-Secure, Anti-Virus for MIMEsweeper 5.61 and prior
- F-Secure, Anti-Virus for Windows Servers 5.52
- F-Secure, Anti-Virus for Workstation 5.44 and prior
- F-Secure, AntiVirus for Windows 2003 - 2006
- F-Secure, Internet Security for SPs 6.xx
- F-Secure, Internet Security for Windows 2003 - 2006
Remedy:
Refer to F-Secure Security Bulletin FSC-2006-4 for patch or upgrade information. See References.
Consequences:
Bypass Security
References:
- F-Secure Security Bulletin FSC-2006-4, Scanning bypass vulnerability in antivirus products for Windows at http://www.f-secure.com/security/fsc-2006-4.shtml.
- BID-18693: F-Secure Multiple Products Scan Evasion Vulnerabilities
- CVE-2006-3489: F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier allows remote attackers to bypass anti-virus scanning via a crafted filename.
- OSVDB ID: 26875: F-Secure Antivirus Crafted Executable Name Scan Bypass
- SA20858: F-Secure Antivirus Products Scanning Bypass Vulnerability
- SECTRACK ID: 1016400: F-Secure Internet Security May Not Scan Files With Modified Filenames
- SECTRACK ID: 1016401: F-Secure Anti-Virus May Not Scan Files With Modified Filenames
- VUPEN/ADV-2006-2573: F-Secure Products Executable File Handling Real-time Scanning Bypass Vulnerabilities
Reported:
Jun 28, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
