TITLE:
F-Secure Multiple Products ARJ Archive Handling Vulnerability

SECUNIA ADVISORY ID:
SA14216

VERIFY ADVISORY:
http://secunia.com/advisories/14216/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
F-Secure Anti-Virus 2004
http://secunia.com/product/3500/
F-Secure Anti-Virus 2005
http://secunia.com/product/4299/
F-Secure Anti-Virus 5.x
http://secunia.com/product/3334/
F-Secure Anti-Virus Client Security 5.x
http://secunia.com/product/2718/
F-Secure Anti-Virus for Firewalls 6.x
http://secunia.com/product/451/
F-Secure Anti-Virus for Linux 4.x
http://secunia.com/product/3165/
F-Secure Anti-Virus for Microsoft Exchange 6.x
http://secunia.com/product/454/
F-Secure Anti-Virus for MIMEsweeper 5.x
http://secunia.com/product/455/
F-Secure Anti-Virus for Samba Servers 4.x
http://secunia.com/product/3501/
F-Secure Anti-Virus for Workstations 5.x
http://secunia.com/product/457/
F-Secure Internet Gatekeeper 6.x
http://secunia.com/product/3339/
F-Secure Internet Gatekeeper for Linux 2.x
http://secunia.com/product/4635/
F-Secure Internet Security 2004
http://secunia.com/product/3499/
F-Secure Internet Security 2005
http://secunia.com/product/4300/

DESCRIPTION:
ISS X-Force has reported a vulnerability in multiple F-Secure products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the antivirus scanning functionality when processing ARJ archives. This can be exploited to cause a buffer overflow via a specially crafted ARJ archive.

Successful exploitation allows execution of arbitrary code, but requires that the malicious ARJ archive is scanned with archive scanning enabled.

The following products are affected:
* F-Secure Anti-Virus for Workstation version 5.43 and earlier
* F-Secure Anti-Virus for Windows Servers version 5.50 and earlier
* F-Secure Anti-Virus for Citrix Servers version 5.50
* F-Secure Anti-Virus for MIMEsweeper version 5.51 and earlier
* F-Secure Anti-Virus Client Security version 5.55 and earlier
* F-Secure Anti-Virus for MS Exchange version 6.31 and earlier
* F-Secure Internet Gatekeeper version 6.41 and earlier
* F-Secure Anti-Virus for Firewalls version 6.20 and earlier
* F-Secure Internet Security 2004 and 2005
* F-Secure Anti-Virus 2004 and 2005
* Solutions based on F-Secure Personal Express version 5.10 and earlier
* F-Secure Anti-Virus for Linux Workstations version 4.52 and earlier
* F-Secure Anti-Virus for Linux Servers version 4.61 and earlier
* F-Secure Anti-Virus for Linux Gateways version 4.61 and earlier
* F-Secure Anti-Virus for Samba Servers version 4.60
* F-Secure Anti-Virus Linux Client Security 5.01 and earlier
* F-Secure Anti-Virus Linux Server Security 5.01 and earlier
* F-Secure Internet Gatekeeper for Linux 2.06

SOLUTION:
Apply patches (see vendor advisory for details).

PROVIDED AND/OR DISCOVERED BY:
Alex Wheeler, ISS X-Force.

ORIGINAL ADVISORY:
F-Secure:
http://www.f-secure.com/security/fsc-2005-1.shtml

ISS:
http://xforce.iss.net/xforce/alerts/id/188

----------------------------------------------------------------------

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html