F-Secure Policy Manager fsmsh.dll Lets Remote Users Deny Service With NTFS Reserved Words
|
|
SecurityTracker Alert ID: 1018149
|
|
SecurityTracker URL: http://securitytracker.com/id?1018149
|
|
CVE Reference: CVE-2007-2964
(Links to External Site)
|
Updated: May 12 2008
|
Original Entry Date: May 30 2007
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 5.xx, 6.xx, 7.00
|
Description: A vulnerability was reported in F-Secure Policy Manager. A remote user can cause denial of service conditions.
A remote user can send specially crafted requests containing NTFS reserved words in the URL filename to cause unspecified denial of service conditions.
The vendor credits David Maciejak with reporting this vulnerability.
|
Impact: A remote user can cause unspecified denial of service conditions.
|
Solution: The vendor has issued a fixed version (7.01). A hotfix for 7.00 is also available.
The F-Secure advisory is available at:
http://www.f-secure.com/security/fsc-2007-4.shtml
|
Vendor URL: www.f-secure.com/security/fsc-2007-4.shtml (Links to External Site)
|
Cause: Resource error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 30 May 2007 13:25:45 -0400
Subject: Denial of service vulnerability in F-Secure Policy Manager Server host module
|
http://www.f-secure.com/security/fsc-2007-4.shtml
|
|
