Multiple F-Secure archive denial of service

fsecure-archive-dos (34581)

Low Risk

Description:

Multiple F-Secure Anti-Virus applications are vulnerable to a denial of service. By creating a specially-crafted ARJ archive or FSG packed executable file, a remote attacker could exploit this vulnerability to cause the application to enter an infinite loop, resulting in a denial of service, if the attacker could persuade the victim to scan a malicious file.

Platforms Affected:

• F-Secure, Anti-Virus 2005
• F-Secure, Anti-Virus 2006
• F-Secure, Anti-Virus 2007
• F-Secure, Anti-Virus Client Security 7.00 and prior
• F-Secure, Anti-Virus for Citrix Servers 5.52
• F-Secure, Anti-Virus for Linux Gateways 4.65 and prior
• F-Secure, Anti-Virus for Linux Servers 4.65 and prior
• F-Secure, Anti-Virus for MIMEsweeper 5.61 and prior
• F-Secure, Anti-Virus for MS Exchange 7.00 and prior
• F-Secure, Anti-Virus for Windows Servers 7.00 and prior
• F-Secure, Anti-Virus for Workstation 7.0 and prior
• F-Secure, Anti-Virus Linux Client Sec 5.52 and prior
• F-Secure, Anti-Virus Linux Server Sec 5.52 and prior
• F-Secure, Internet Gatekeeper 6.60 and prior
• F-Secure, Internet Gatekeeper for Linux 2.16 and prior
• F-Secure, Internet Security 2005
• F-Secure, Internet Security 2006
• F-Secure, Internet Security 2007
• F-Secure, Protection for Consumers 7.00 and prior

Remedy:

Refer to F-Secure Security Bulletin FSC-2007-3 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Denial of Service

References:

• F-Secure Security Bulletin FSC-2007-3, Vulnerabilities in scanning of specially crafted archives and certain packed executables at http://www.f-secure.com/security/fsc-2007-3.shtml.
• Full-Disclosure Mailing List, Mon Jun 04 2007 - 11:52:21 CDT, n.runs-SA-2007.014 - F-Secure Antivirus ARJ parsing Infinite Loop Advisory at http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0028.html.
• Full-Disclosure Mailing List, Mon Jun 04 2007 - 11:55:52 CDT, n.runs-SA-2007.015 - F-Secure Antivirus FSG packed files parsing Infinite Loop Advisory at http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0029.html.
• BID-24234: Multiple F-Secure Products Packed Executables and Archives Denial of Service Vulnerability
• CVE-2007-2967: Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
• SA25440: F-Secure Packed Executable and Archive Scanning Denial of Service
• SECTRACK ID: 1018146: F-Secure Internet Security Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
• SECTRACK ID: 1018147: F-Secure Internet Gatekeeper Lets Remote Users Execute Arbitrary Code
• SECTRACK ID: 1018148: F-Secure Anti-Virus Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
• VUPEN/ADV-2007-1985: F-Secure Anti-Virus Products Code Execution and Denial of Service Vulnerabilities

Reported:

May 22, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page