Applies to LISTSERV sites running the following versions of F-Secure
Anti-Virus:
- F-Secure Anti-Virus for Workstations v. 5.44 and earlier
- F-Secure Anti-Virus for Windows Servers v. 5.52 and earlier
- F-Secure Anti-Virus for Servers (Linux) v. 4.64 and earlier
Note: The complete bulletin is available at
http://www.f-secure.com/security/fsc-2006-1.shtml . This is a digest
cut down to highlight only the FSAV versions certified by L-Soft.
F-Secure Security Bulletin FSC-2006-1
Code execution vulnerability in ZIP and RAR-archive handling
Date issued: 2006-01-19
Last updated: 2006-01-20
Risk factor: Critical (Low/Medium/High/Critical)
Brief description: Specially crafted ZIP archives may be used to
execute code on affected systems. Both RAR- and ZIP-archives can in
addition be crafted to avoid successful scanning and obfuscate
malicious code in the archive.
Issue: It is possible to create specially crafted ZIP archives that
cause a buffer overflow. This allows an attacker to execute code of
his choice on affected systems. It is in addition possible to create
malformed RAR- and ZIP-archives that cannot be scanned properly. This
can lead to a false negative scan result.
Risk Factor: Critical
Gateway installations that scan web (HTTP, FTP) and mail (SMTP, POP)
traffic are vulnerable. These machines are typically scanning a large
number of archive files with the scan inside archives setting
enabled. Server products that are configured to use scheduled
on-demand scans are also likely to be vulnerable. This makes products
in this category the most likely target for attacks.
F-Secure recommends all users of the mentioned gateway and server
products to install the hotfix or upgrade to a version that is not
affected (if available).
Product Versions Hotfix ID Download
F-Secure Anti-Virus for Workstations 5.42-5.44 fsavwk617-02
ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk617-02-signed.fsfix
F-Secure Anti-Virus for Windows Servers 5.42-5.52 fsavsr552-02
ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr552-02-signed.fsfix
F-Secure Anti-Virus for Linux Servers 4.63-4.64 Updated binary
ftp://ftp.f-secure.com/support/hotfix/fsav-linux/fsav-fsigk-linux-FSC-2006-1-hotfix.tgz
Sincerely,
Nathan Brindle
Sr. Product Engineer
L-Soft international, Inc.