Jump to content


Photo

F-Secure multiple products, vulns - updates available


  • Please log in to reply
No replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,562 posts

Posted 30 May 2007 - 01:07 PM

FYI...

F-Secure Anti-Virus 5 hotfixes
> http://support.f-sec...-hotfixes.shtml

------------------------------------------------
F-Secure Products vuln - updates available
- http://secunia.com/advisories/25426/
Release Date: 2007-05-30
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software:
F-Secure Anti-Virus 2005
F-Secure Anti-Virus 2006
F-Secure Anti-Virus 2007
F-Secure Anti-Virus 5.x
F-Secure Anti-Virus Client Security 6.x
F-Secure Anti-Virus for Citrix Servers 5.x
F-Secure Anti-Virus for Linux 4.x
F-Secure Anti-Virus for Microsoft Exchange 6.x
F-Secure Anti-Virus for MIMEsweeper 5.x
F-Secure Anti-Virus for Windows Servers 5.x
F-Secure Anti-Virus for Workstations 5.x
F-Secure Internet Gatekeeper 6.x
F-Secure Internet Gatekeeper for Linux 2.x
F-Secure Internet Security 2005
F-Secure Internet Security 2006
F-Secure Internet Security 2007 ...
The vulnerability is caused due to a boundary error in the processing of LHA archives and can be exploited to cause a buffer overflow when decompressing a specially crafted archive.
The vulnerability is related to #1 in: http://secunia.com/SA21996/
Successful exploitation may allow execution of arbitrary code.
Solution: Apply hotfixes.
F-Secure Internet Security 2005 - 2007: Hotfix distributed automatically.
F-Secure Anti-Virus 2005 - 2007: Hotfix distributed automatically.
F-Secure Protection Service for Consumers: Hotfix distributed automatically...
Original Advisory: F-Secure: http://www.f-secure....sc-2007-1.shtml ..."
------------------------------------------------

F-Secure AV vuln - update available
- http://secunia.com/advisories/25439/
Release Date: 2007-05-30
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Software:
F-Secure Anti-Virus 2005
F-Secure Anti-Virus 2006
F-Secure Anti-Virus 2007
F-Secure Anti-Virus 5.x
F-Secure Anti-Virus Client Security 6.x
F-Secure Anti-Virus for Citrix Servers 5.x
F-Secure Anti-Virus for MIMEsweeper 5.x
F-Secure Anti-Virus for Windows Servers 5.x
F-Secure Anti-Virus for Workstations 5.x
F-Secure Internet Security 2005
F-Secure Internet Security 2006
F-Secure Internet Security 2007
...The vulnerability is caused due to an error in the real-time scanning component and can be exploited to execute arbitrary code with escalated privileges via specially crafted I/O request packets.
Solution: F-Secure Internet Security 2005 - 2007: Hotfix distributed automatically.
F-Secure Anti-Virus 2005 - 2007: Hotfix distributed automatically.
F-Secure Protection Service for Consumers 5.00 - 6.40: Hotfix distributed automatically...
Original Advisory: F-Secure: http://www.f-secure....sc-2007-2.shtml ..."
----------------------------

F-Secure Policy Mgr Svr DoS Vuln - update available
- http://secunia.com/advisories/25449/
Release Date: 2007-05-30
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
...The vulnerability is caused due to an error within the fsmsh.dll host module and can be exploited to e.g. crash the server by specifying NTFS reserved names as URL filenames. The vulnerability affects versions 7.00 and prior.
Solution: Update to 7.01 or apply hotfix. http://www.f-secure....bclub/fspm.html
ftp://ftp.f-secure.com/support/hotfix/fsp...570-hotfix2.zip ...
Original Advisory: F-Secure:
http://www.f-secure....sc-2007-4.shtml ..."
----------------------------------------------------------------

- http://www.f-secure....7.html#00001202
May 30, 2007

.

Edited by apluswebmaster, 31 May 2007 - 07:21 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button