F-Secure Anti-Virus "Scan network drives" scan detection bypass

fsecure-scannetworkdrives-security-bypass (27502) The risk level is classified as MediumMedium Risk

Description:

Multiple F-Secure Anti-Virus products could allow malicious files on removable media devices to bypass scan detection. If the "Scan network drives" option is disabled, the application fails to scan files that are on removable media. An attacker could exploit this vulnerability by placing malicious files on removable media that would bypass scan detection on vulnerable systems.


Consequences:

Bypass Security

Remedy:

Refer to F-Secure Security Bulletin FSC-2006-4 for patch or upgrade information. See References.

References:

  • F-Secure Security Bulletin FSC-2006-4: Scanning bypass vulnerability in antivirus products for Windows.
  • BID-18693: F-Secure Multiple Products Scan Evasion Vulnerabilities
  • CVE-2006-3490: F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier does not scan files contained on removable media when Scan network drives is disabled, which allows remote attackers to bypass anti-virus controls.
  • OSVDB ID: 26876: F-Secure Antivirus Removable Media Scan Failure
  • SA20858: F-Secure Antivirus Products Scanning Bypass Vulnerability
  • SECTRACK ID: 1016400: F-Secure Internet Security May Not Scan Files With Modified Filenames
  • SECTRACK ID: 1016401: F-Secure Anti-Virus May Not Scan Files With Modified Filenames
  • VUPEN/ADV-2006-2573: F-Secure Products Executable File Handling Real-time Scanning Bypass Vulnerabilities

Platforms Affected:

  • F-Secure Anti-Virus Client Security 6.01 and prior
  • F-Secure Anti-Virus for Citrix Servers 5.50 - 5.52
  • F-Secure Anti-Virus for MIMEsweeper 5.61 and prior
  • F-Secure Anti-Virus for Windows Servers 5.52
  • F-Secure Anti-Virus for Workstation 5.44
  • F-Secure AntiVirus for Windows 2003 - 2006
  • F-Secure Internet Security for SPs 6.xx
  • F-Secure Internet Security for Windows 2003 - 2006

Reported:

Jun 28, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page