CERTA-2004-AVI-380
Vulnerability from certfr_avis - Published: 2004-11-24 - Updated: 2004-11-24None
Description
Une vulnérabilité dans le traitement des archives au format ZIP permet à un programme malicieux, contenu à l'intérieur d'une archive au format ZIP habilement constituée, de ne pas être analysé et détecté.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | F-Secure Anti-Virus for Linux Servers version 4.61 et versions précédentes ; | ||
| N/A | N/A | F-Secure Personal Express version 5.00 et versions précédentes ; | ||
| ESET | Security | F-Secure Anti-Virus Linux Client Security version 5.00 et versions précédentes ; | ||
| Samba | N/A | F-Secure Internet Gatekeeper for Linux version 2.06 et versions précédentes. | ||
| N/A | N/A | F-Secure Anti-Virus for Firewalls version 6.20 et versions précédentes ; | ||
| Microsoft | Windows | F-Secure Anti-Virus for Windows Servers version 5.50 et versions précédentes ; | ||
| Samba | N/A | F-Secure Anti-Virus for Linux Workstations version 4.52 et versions précédentes ; | ||
| N/A | N/A | F-Secure Internet Gatekeeper version 6.41 et versions précédentes ; | ||
| ESET | Security | F-Secure Anti-Virus Client Security version 5.55 et versions précédentes ; | ||
| Samba | N/A | F-Secure Anti-Virus for MS Exchange version 6.01 et versions précédentes ; | ||
| Samba | N/A | F-Secure Anti-Virus 2004 et 2005 ; | ||
| ESET | Server Security | F-Secure Anti-Virus Linux Server Security version 5.00 et versions précédentes ; | ||
| Samba | N/A | F-Secure Anti-Virus for Samba Servers version 4.60 et versions précédentes ; | ||
| N/A | N/A | F-Secure Anti-Virus for MIMEsweeper version 5.50 et versions précédentes ; | ||
| N/A | N/A | F-Secure Anti-Virus for MS Exchange version 6.31 et versions précédentes ; | ||
| N/A | N/A | F-Secure Anti-Virus for Workstation version 5.43 et versions précédentes ; | ||
| ESET | Internet Security | F-Secure Internet Security 2004 et 2005 ; | ||
| Samba | N/A | F-Secure Anti-Virus for Linux Gateways version 4.61 et versions précédentes ; |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F-Secure Anti-Virus for Linux Servers version 4.61 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Personal Express version 5.00 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Client Security version 5.00 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper for Linux version 2.06 et versions pr\u00e9c\u00e9dentes.",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Firewalls version 6.20 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Windows Servers version 5.50 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Linux Workstations version 4.52 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper version 6.41 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Client Security version 5.55 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for MS Exchange version 6.01 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus 2004 et 2005 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Server Security version 5.00 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Samba Servers version 4.60 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for MIMEsweeper version 5.50 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for MS Exchange version 6.31 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Workstation version 5.43 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security 2004 et 2005 ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Linux Gateways version 4.61 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le traitement des archives au format ZIP permet \u00e0\nun programme malicieux, contenu \u00e0 l\u0027int\u00e9rieur d\u0027une archive au format\nZIP habilement constitu\u00e9e, de ne pas \u00eatre analys\u00e9 et d\u00e9tect\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. Documentation).\n",
"cves": [],
"initial_release_date": "2004-11-24T00:00:00",
"last_revision_date": "2004-11-24T00:00:00",
"links": [
{
"title": "Site Internet de F-Secure :",
"url": "http://www.f-secure.com"
}
],
"reference": "CERTA-2004-AVI-380",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2004-11-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9 de l\u0027antivirus F-Secure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure FSC-2004-3",
"url": "http://www.f-secure.com/security/fsc-2004-3.shtml"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…