Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA20407] F-Secure Products Web Console Buffer Overflow Vulnerability



> 
> TITLE:
> F-Secure Products Web Console Buffer Overflow Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA20407
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/20407/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> DoS, System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> F-Secure Internet Gatekeeper 6.x
> http://secunia.com/product/3339/
> F-Secure Anti-Virus for Microsoft Exchange 6.x
> http://secunia.com/product/454/
> 
> DESCRIPTION:
> A vulnerability has been reported in F-Secure Anti-Virus for
> Microsoft Exchange and F-Secure Internet Gatekeeper, which
> potentially can be exploited by malicious people to compromise a
> vulnerable system.
> 
> The vulnerability is caused due to an unspecified boundary error
> within the web console prior to authentication and can be exploited
> to cause a buffer overflow.
> 
> Successful exploitation crashes the web console process and may
> potentially allow execution of arbitrary code.
> 
> NOTE: By default connections are only allowed from localhost. The
> criticality of the vulnerability therefore depends on how the web
> console has been configured to accept connections.
> 
> SOLUTION:
> Update to a fixed version or apply hotfix.
> 
> -- F-Secure Anti-Virus for Microsoft Exchange --
> 
> Apply hotfix for version 6.40:
> ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse640-05.zip
> 
> -- F-Secure Internet Gatekeeper --
> 
> Update to version 6.60 or apply hotfix (for version 6.50):
> ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk650-01.zip
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Mikko Korppi.
> 
> ORIGINAL ADVISORY:
> http://www.f-secure.com/security/fsc-2006-3.shtml
> 



 




Copyright © Lexa Software, 1996-2009.