LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

URGENT: F-Secure Security Bulletin FSC-2006-1

Nathan Brindle <[log in to unmask]>

Mon, 23 Jan 2006 12:17:46 -0500

text/plain (57 lines)

Applies to LISTSERV sites running the following versions of F-Secure 
Anti-Virus:

- F-Secure Anti-Virus for Workstations v. 5.44 and earlier
- F-Secure Anti-Virus for Windows Servers v. 5.52 and earlier
- F-Secure Anti-Virus for Servers (Linux) v. 4.64 and earlier

Note:  The complete bulletin is available at 
http://www.f-secure.com/security/fsc-2006-1.shtml .  This is a digest 
cut down to highlight only the FSAV versions certified by L-Soft.

F-Secure Security Bulletin FSC-2006-1
Code execution vulnerability in ZIP and RAR-archive handling

Date issued: 2006-01-19
Last updated: 2006-01-20
Risk factor: Critical (Low/Medium/High/Critical)
Brief description: Specially crafted ZIP archives may be used to 
execute code on affected systems. Both RAR- and ZIP-archives can in 
addition be crafted to avoid successful scanning and obfuscate 
malicious code in the archive.

Issue: It is possible to create specially crafted ZIP archives that 
cause a buffer overflow. This allows an attacker to execute code of 
his choice on affected systems. It is in addition possible to create 
malformed RAR- and ZIP-archives that cannot be scanned properly. This 
can lead to a false negative scan result.

Risk Factor: Critical

Gateway installations that scan web (HTTP, FTP) and mail (SMTP, POP) 
traffic are vulnerable. These machines are typically scanning a large 
number of archive files with the scan inside archives setting 
enabled. Server products that are configured to use scheduled 
on-demand scans are also likely to be vulnerable. This makes products 
in this category the most likely target for attacks.

F-Secure recommends all users of the mentioned gateway and server 
products to install the hotfix or upgrade to a version that is not 
affected (if available).

Product Versions Hotfix ID Download

F-Secure Anti-Virus for Workstations 5.42-5.44 fsavwk617-02 
ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk617-02-signed.fsfix

F-Secure Anti-Virus for Windows Servers 5.42-5.52 fsavsr552-02 
ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr552-02-signed.fsfix

F-Secure Anti-Virus for Linux Servers 4.63-4.64 Updated binary 
ftp://ftp.f-secure.com/support/hotfix/fsav-linux/fsav-fsigk-linux-FSC-2006-1-hotfix.tgz

Sincerely,
Nathan Brindle
Sr. Product Engineer
L-Soft international, Inc.

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM