SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   F-Secure Anti-Virus Vendors:   F-Secure
F-Secure Anti-Virus for Microsoft Exchange Web Console May Disclose Files to Remote Users
SecurityTracker Alert ID:  1015143
SecurityTracker URL:  http://securitytracker.com/id/1015143
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 3 2005
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.40 (for Microsoft Exchange)
Description:   A vulnerability was reported in F-Secure Anti-Virus for Microsoft Exchange. A remote user may be able to view files on the target system.

A remote user on an "allowed host" can bypass the Web Console authentication and read files on the target system.

The Web Console is configured by default to only accept connections from the localhost interface.

The vendor credits Mikko Korppi with reporting this vulnerability.

Impact:   A remote user may be able to view files on the target system.
Solution:   The vendor has issued a Hotfix for F-Secure Anti-Virus for Microsoft Exchange 6.40:

ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse640-01.zip

Vendor URL:  www.f-secure.com/security/fsc-2005-2.shtml (Links to External Site)
Cause:   Authentication error
Underlying OS:  Linux (Any), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC