Thread-topic: [SA20407] F-Secure Products Web Console Buffer Overflow Vulnerability
> F-Secure Products Web Console Buffer Overflow Vulnerability
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Moderately critical
> DoS, System access
> From remote
> F-Secure Internet Gatekeeper 6.x
> F-Secure Anti-Virus for Microsoft Exchange 6.x
> A vulnerability has been reported in F-Secure Anti-Virus for
> Microsoft Exchange and F-Secure Internet Gatekeeper, which
> potentially can be exploited by malicious people to compromise a
> vulnerable system.
> The vulnerability is caused due to an unspecified boundary error
> within the web console prior to authentication and can be exploited
> to cause a buffer overflow.
> Successful exploitation crashes the web console process and may
> potentially allow execution of arbitrary code.
> NOTE: By default connections are only allowed from localhost. The
> criticality of the vulnerability therefore depends on how the web
> console has been configured to accept connections.
> Update to a fixed version or apply hotfix.
> -- F-Secure Anti-Virus for Microsoft Exchange --
> Apply hotfix for version 6.40:
> -- F-Secure Internet Gatekeeper --
> Update to version 6.60 or apply hotfix (for version 6.50):
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Mikko Korppi.
> ORIGINAL ADVISORY: