F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
BID:24237
Info
F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
| Bugtraq ID: | 24237 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | May 30 2007 12:00AM |
| Updated: | May 31 2007 12:01AM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
F-secure Internet Security 2006 0 F-Secure Internet Security 2005 F-Secure Internet Security 2007 F-secure Anti-Virus Linux Client Security 5.11 F-secure Anti-Virus Linux Client Security 5.0.4 F-secure Anti-Virus Linux Client Security 5.0 1 F-secure Anti-Virus Linux Client Security 5.0 F-secure Anti-Virus Linux Client Security 5.30 F-Secure Anti-Virus for Workstations 5.44 F-Secure Anti-Virus for Workstations 5.43 F-Secure Anti-Virus for Workstations 5.42 F-Secure Anti-Virus for Workstations 5.41 F-Secure Anti-Virus for Workstations 5.40 F-Secure Anti-Virus for Windows Servers 5.52 F-Secure Anti-Virus for Windows Servers 5.50 F-Secure Anti-Virus for Windows Servers 5.42 F-Secure Anti-Virus for Windows Servers 5.41 F-Secure Anti-Virus for MIMEsweeper 5.61 F-Secure Anti-Virus for MIMEsweeper 5.51 F-Secure Anti-Virus for MIMEsweeper 5.50 F-Secure Anti-Virus for MIMEsweeper 5.42 F-Secure Anti-Virus for MIMEsweeper 5.41 F-Secure Anti-Virus for Linux Workstations 4.52 F-Secure Anti-Virus for Linux Workstations 4.51 F-Secure Anti-Virus for Citrix Servers 5.52 F-Secure Anti-Virus for Citrix Servers 5.5 F-Secure Anti-Virus Client Security 6.0 1 F-Secure Anti-Virus Client Security 5.55 F-Secure Anti-Virus Client Security 5.54 F-Secure Anti-Virus Client Security 5.52 F-Secure Anti-Virus Client Security 5.50 F-Secure Anti-Virus Client Security 6.03 F-Secure Anti-Virus Client Security 6.02 F-Secure Anti-Virus 2006 0 F-secure Anti-Virus 2005 F-Secure Anti-Virus 5.56 F-Secure Anti-Virus 5.3 .0 F-Secure Anti-Virus 5.2.1 F-Secure Anti-Virus 5.0.2 F-Secure Anti-Virus 2007 |
| Not Vulnerable: | |
Discussion
F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
Multiple F-Secure workstation and file-server products are prone to a local privilege-escalation vulnerability.
Exploiting this vulnerability allows local attackers to gain superuser or SYSTEM-level privileges, leading to a complete compromise of the affected computer.
Multiple F-Secure workstation and file-server products are prone to a local privilege-escalation vulnerability.
Exploiting this vulnerability allows local attackers to gain superuser or SYSTEM-level privileges, leading to a complete compromise of the affected computer.
Exploit / POC
F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
Solution:
The vendor has released an advisory and fixes to address this issue. Please see the references for more information.
F-Secure Anti-Virus for Workstations 5.44
F-Secure Anti-Virus for Citrix Servers 5.5
F-Secure Anti-Virus for Windows Servers 5.50
F-Secure Anti-Virus for Citrix Servers 5.52
F-Secure Anti-Virus for Windows Servers 5.52
F-Secure Anti-Virus for MIMEsweeper 5.61
Solution:
The vendor has released an advisory and fixes to address this issue. Please see the references for more information.
F-Secure Anti-Virus for Workstations 5.44
-
F-Secure fsavwk602-04
ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk602-04-signed.fsfix
F-Secure Anti-Virus for Citrix Servers 5.5
-
F-Secure fsavsr552-11
fsavsr552-11
F-Secure Anti-Virus for Windows Servers 5.50
-
F-Secure fsavsr552-11
fsavsr552-11 -
F-Secure fsavwk602-04
ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk602-04-signed.fsfix
F-Secure Anti-Virus for Citrix Servers 5.52
-
F-Secure fsavsr552-11
fsavsr552-11
F-Secure Anti-Virus for Windows Servers 5.52
-
F-Secure fsavsr552-11
fsavsr552-11 -
F-Secure fsavwk602-04
ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk602-04-signed.fsfix
F-Secure Anti-Virus for MIMEsweeper 5.61
-
F-Secure fsavsr552-11
fsavsr552-11
References
F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
References:
References:
- F-Secure Anti-Virus for Linux Product Page (F-Secure)
- F-Secure Homepage (F-Secure)
- F-Secure Security Bulletin FSC-2007-2 - IOCTL vulnerability in Real-time Scannin (F-Secure)