F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
BID:24235
Info
F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
| Bugtraq ID: | 24235 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-2966 |
| Remote: | Yes |
| Local: | No |
| Published: | May 30 2007 12:00AM |
| Updated: | Nov 04 2008 02:45AM |
| Credit: | The vendor credits Tavis Ormandy and Sergio Alvarez with the discovery of this vulnerability. |
| Vulnerable: |
F-Secure Internet Security 2007 0 F-secure Internet Security 2006 0 F-Secure Internet Security 2005 F-Secure Internet Gatekeeper for Linux 2.16 F-Secure Internet Gatekeeper 6.42 F-Secure Internet Gatekeeper 6.41 F-Secure Internet Gatekeeper 6.40 0 F-Secure Internet Gatekeeper 6.32 F-Secure Internet Gatekeeper 6.31 F-Secure Internet Gatekeeper 6.3 F-Secure Internet Gatekeeper 6.60 F-Secure Internet Gatekeeper 6.50 F-Secure Anti-Virus Linux Server Security 5.11 F-Secure Anti-Virus Linux Server Security 5.0 4 F-Secure Anti-Virus Linux Server Security 5.0 1 F-Secure Anti-Virus Linux Server Security 5.0 F-Secure Anti-Virus Linux Server Security 5.30 F-secure Anti-Virus Linux Client Security 5.11 F-secure Anti-Virus Linux Client Security 5.0.4 F-secure Anti-Virus Linux Client Security 5.0 1 F-secure Anti-Virus Linux Client Security 5.0 F-secure Anti-Virus Linux Client Security 5.30 F-Secure Anti-Virus for Workstations 5.44 F-Secure Anti-Virus for Workstations 5.43 F-Secure Anti-Virus for Workstations 5.42 F-Secure Anti-Virus for Workstations 5.41 F-Secure Anti-Virus for Workstations 5.40 F-Secure Anti-Virus for Windows Servers 5.52 F-Secure Anti-Virus for Windows Servers 5.50 F-Secure Anti-Virus for Windows Servers 5.42 F-Secure Anti-Virus for Windows Servers 5.41 F-Secure Anti-Virus for MS Exchange 6.40 F-Secure Anti-Virus for MS Exchange 6.31 F-Secure Anti-Virus for MS Exchange 6.31 F-Secure Anti-Virus for MS Exchange 6.30 Service Release 1 F-Secure Anti-Virus for MS Exchange 6.21 F-Secure Anti-Virus for MS Exchange 6.3 0 F-Secure Anti-Virus for MS Exchange 6.2 F-Secure Anti-Virus for MS Exchange 6.0 1 F-Secure Anti-Virus for MIMEsweeper 5.61 F-Secure Anti-Virus for MIMEsweeper 5.51 F-Secure Anti-Virus for MIMEsweeper 5.50 F-Secure Anti-Virus for MIMEsweeper 5.42 F-Secure Anti-Virus for MIMEsweeper 5.41 F-Secure Anti-Virus for Linux Servers 4.64 F-Secure Anti-Virus for Linux Servers 4.61 F-Secure Anti-Virus for Linux Servers 4.52 F-Secure Anti-Virus for Linux Servers 4.51 F-Secure Anti-Virus for Linux Servers 4.65 F-Secure Anti-Virus for Linux Gateways 4.64 F-Secure Anti-Virus for Linux Gateways 4.61 F-Secure Anti-Virus for Linux Gateways 4.52 F-Secure Anti-Virus for Linux Gateways 4.51 F-Secure Anti-Virus for Linux Gateways 2.16 F-Secure Anti-Virus for Linux Gateways 4.65 F-Secure Anti-Virus for Citrix Servers 5.52 F-Secure Anti-Virus for Citrix Servers 5.5 F-Secure Anti-Virus Client Security 6.0 1 F-Secure Anti-Virus Client Security 5.55 F-Secure Anti-Virus Client Security 5.54 F-Secure Anti-Virus Client Security 5.52 F-Secure Anti-Virus Client Security 5.50 F-Secure Anti-Virus Client Security 6.03 F-Secure Anti-Virus Client Security 6.02 F-Secure Anti-Virus 2007 0 F-Secure Anti-Virus 2006 0 F-secure Anti-Virus 2005 |
| Not Vulnerable: | |
Discussion
F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
Multiple F-Secure Anti-Virus applications are prone to a buffer-overflow vulnerability when they process certain LHA archive files. This issue occurs because the applications fail to properly check boundaries on user-supplied data before copying it to an insufficiently sized memory buffer.
Successful exploits can allow attackers to execute arbitrary code with the privileges of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.
Reports indicate that this vulnerability also occurs when processing malformed LZH archives, ARJ files, and FSG packed files.
Multiple F-Secure Anti-Virus applications are prone to a buffer-overflow vulnerability when they process certain LHA archive files. This issue occurs because the applications fail to properly check boundaries on user-supplied data before copying it to an insufficiently sized memory buffer.
Successful exploits can allow attackers to execute arbitrary code with the privileges of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.
Reports indicate that this vulnerability also occurs when processing malformed LZH archives, ARJ files, and FSG packed files.
Exploit / POC
F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
Solution:
The vendor has released patches to address this issue.
F-Secure Internet Gatekeeper for Linux 2.16
F-Secure Anti-Virus Client Security 6.03
F-Secure Anti-Virus Client Security 6.02
F-Secure Internet Gatekeeper 6.60
F-Secure Anti-Virus Linux Server Security 5.30
F-Secure Anti-Virus for Linux Servers 4.65
F-secure Anti-Virus Linux Client Security 5.30
F-Secure Anti-Virus for Linux Gateways 4.65
F-Secure Anti-Virus for Linux Servers 4.64
F-Secure Anti-Virus for Linux Gateways 4.64
F-Secure Anti-Virus for Workstations 5.44
F-Secure Anti-Virus for Citrix Servers 5.5
F-Secure Anti-Virus for Windows Servers 5.50
F-Secure Anti-Virus for Citrix Servers 5.52
F-Secure Anti-Virus for Windows Servers 5.52
F-Secure Anti-Virus for MIMEsweeper 5.61
F-Secure Anti-Virus Client Security 6.0 1
F-Secure Anti-Virus for MS Exchange 6.40
Solution:
The vendor has released patches to address this issue.
F-Secure Internet Gatekeeper for Linux 2.16
-
F-Secure fsigkl.html
http://www.f-secure.com/webclub/fsigkl.html
F-Secure Anti-Virus Client Security 6.03
-
F-Secure fsavwk602-04-signed.fsfix
ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk602-04-signed.fsfix
F-Secure Anti-Virus Client Security 6.02
-
F-Secure fsavwk602-04-signed.fsfix
ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk602-04-signed.fsfix
F-Secure Internet Gatekeeper 6.60
-
F-Secure fsigk660-03.zip
ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk660-03.zip
F-Secure Anti-Virus Linux Server Security 5.30
-
F-Secure fsssl.html
http://www.f-secure.com/webclub/fsssl.html
F-Secure Anti-Virus for Linux Servers 4.65
-
F-Secure fsavsrvl.html
http://www.f-secure.com/webclub/fsavsrvl.html
F-secure Anti-Virus Linux Client Security 5.30
-
F-Secure fscsl.html
http://www.f-secure.com/webclub/fscsl.html
F-Secure Anti-Virus for Linux Gateways 4.65
-
F-Secure fsavgwl.html
http://www.f-secure.com/webclub/fsavgwl.html
F-Secure Anti-Virus for Linux Servers 4.64
-
F-Secure fsavsrvl.html
http://www.f-secure.com/webclub/fsavsrvl.html
F-Secure Anti-Virus for Linux Gateways 4.64
-
F-Secure fsavgwl.html
http://www.f-secure.com/webclub/fsavgwl.html
F-Secure Anti-Virus for Workstations 5.44
-
F-Secure fsavwk602-04-signed.fsfix
ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk602-04-signed.fsfix
F-Secure Anti-Virus for Citrix Servers 5.5
-
F-Secure fsavsr552-11-signed.fsfix
ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr552-11-signed. fsfix
F-Secure Anti-Virus for Windows Servers 5.50
-
F-Secure fsavsr552-11-signed.fsfix
ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr552-11-signed. fsfix
F-Secure Anti-Virus for Citrix Servers 5.52
-
F-Secure fsavsr552-11-signed.fsfix
ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr552-11-signed. fsfix
F-Secure Anti-Virus for Windows Servers 5.52
-
F-Secure fsavsr552-11-signed.fsfix
ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr552-11-signed. fsfix
F-Secure Anti-Virus for MIMEsweeper 5.61
-
F-Secure fsavsr552-11-signed.fsfix
ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr552-11-signed. fsfix
F-Secure Anti-Virus Client Security 6.0 1
-
F-Secure fsavwk602-04-signed.fsfix
ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk602-04-signed.fsfix
F-Secure Anti-Virus for MS Exchange 6.40
-
F-Secure fsavmse6.html
http://www.f-secure.com/webclub/fsavmse6.html
References
F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
References:
References:
- Client Security Home Page (F-Secure)
- F-Secure Anti-Virus For Linux Homepage (F-Secure)
- F-Secure Homepage (F-Secure)
- n.runs-SA-2007.015 F-Secure Denial of Service [FSG] (n.runs)
- n.runs-SA-2007.014 - F-Secure Antivirus ARJ parsing Infinite Loop Advisory (n.runs)
- n.runs-SA-2007.015 - F-Secure Antivirus FSG packed files parsing Infinite Loop A (n.runs)
- F-Secure Security Bulletin FSC-2007-1 Buffer overflow vulnerability in handling (F-Secure)
- n.runs-SA-2007.013 - F-Secure Antivirus LZH parsing BufferOverflow Advisory (n.runs AG )