F-Secure Internet Gatekeeper May Fail to Scan Certain ZIP and RAR Archives
|
|
SecurityTracker Alert ID: 1022171 |
|
SecurityTracker URL: http://securitytracker.com/id/1022171
|
|
CVE Reference:
CVE-2009-1782
(Links to External Site)
|
Updated: May 28 2009
|
Original Entry Date: May 6 2009
|
Impact:
Host/resource access via network, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 6.61 and prior (for Windows), 2.16 and prior (for Linux)
|
Description:
A vulnerability was reported in F-Secure Internet Gatekeeper. A user can create an archive that will bypass detection.
A remote user can create a specially crafted ZIP or RAR archive that, when processed by the target user or application, will will not be detected by the scanning engine.
The following product versions are affected:
F-Secure Internet Gatekeeper for Windows 6.61 and prior
F-Secure Internet Gatekeeper for Linux 2.16 and prior
F-Secure Internet Gatekeeper for Linux Japanese 3.01 and prior
Roger Mickael reported this vulnerability.
|
Impact:
A user can create an archive that will bypass detection.
|
Solution:
The vendor has issued a fix. A patch matrix is available in the F-Secure advisory.
The vendor's advisory is available at:
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html
|
Vendor URL: www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html (Links to External Site)
|
Cause:
State error
|
Underlying OS:
Linux (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 6 May 2009 15:20:14 -0400
Subject: F-Secure Anti-Virus, F-Secure Internet Gatekeeper, F-Secure Protection Service for Business, F-Secure Internet Security, F-Secure Client Security
|
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html
|
|
