Applies to LISTSERV sites running the following versions of F-Secure Anti-Virus:

- F-Secure Anti-Virus for Workstations v. 5.44 and earlier
- F-Secure Anti-Virus for Windows Servers v. 5.52 and earlier
- F-Secure Anti-Virus for Servers (Linux) v. 4.64 and earlier

Note: The complete bulletin is available at http://www.f-secure.com/security/fsc-2006-1.shtml. This is a digest cut down to highlight only the FSAV versions certified by L-Soft.

F-Secure Security Bulletin FSC-2006-1
Code execution vulnerability in ZIP and RAR-archive handling

Date issued: 2006-01-19
Last updated: 2006-01-20
Risk factor: Critical (Low/Medium/High/Critical)

Brief description:
Specially crafted ZIP archives may be used to execute code on affected systems. Both RAR- and ZIP-archives can in addition be crafted to avoid successful scanning and obfuscate malicious code in the archive.

Issue:
It is possible to create specially crafted ZIP archives that cause a buffer overflow. This allows an attacker to execute code of his choice on affected systems. It is in addition possible to create malformed RAR- and ZIP-archives that cannot be scanned properly. This can lead to a false negative scan result.

Risk Factor: Critical
Gateway installations that scan web (HTTP, FTP) and mail (SMTP, POP) traffic are vulnerable. These machines are typically scanning a large number of archive files with the scan inside archives setting enabled. Server products that are configured to use scheduled on-demand scans are also likely to be vulnerable. This makes products in this category the most likely target for attacks. F-Secure recommends all users of the mentioned gateway and server products to install the hotfix or upgrade to a version that is not affected (if available).

Product:   F-Secure Anti-Virus for Workstations
Versions:  5.42-5.44
Hotfix ID: fsavwk617-02
Download:  ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk617-02-signed.fsfix

Product:   F-Secure Anti-Virus for Windows Servers
Versions:  5.42-5.52
Hotfix ID: fsavsr552-02
Download:  ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr552-02-signed.fsfix

Product:   F-Secure Anti-Virus for Linux Servers
Versions:  4.63-4.64
Hotfix ID: Updated binary
Download:  ftp://ftp.f-secure.com/support/hotfix/fsav-linux/fsav-fsigk-linux-FSC-2006-1-hotfix.tgz

Sincerely,

Nathan Brindle
Sr. Product Engineer
L-Soft international, Inc.