CERTA-2009-AVI-177
Vulnerability from certfr_avis - Published: 2009-05-11 - Updated: 2009-05-11
Un défaut dans l'analyse de formats d'archives permet à un utilisateur malveillant de contourner la politique de sécurité.
Description
Un défaut dans l'analyse des fichiers d'archives aux formats ZIP et RAR permet à un utilisateur malveillant de faire échapper un code malveillant à l'analyse antivirale.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- F-Secure Antivirus for Microsoft Exchange jusqu'à la version 7.10 ;
- F-Secure Internet Gatekeeper :
- for Windows jusqu'à la version 6.61 ;
- for Linux jusqu'à la version 2.16 ;
- for Linux Japanese jusqu'à la version 3.01 ;
- F-Secure Protection Service for Business - E-mail and Server security, jusqu'à la version 8.00 ;
- F-Secure Protection Service for Business - Workstation security, jusqu'à la version 8.00 ;
- F-Secure Protection Service for Consumers, jusqu'à la version 8.00 ;
- F-Secure Internet Security jusqu'à la version 2009 ;
- F-Secure Anti-Virus jusqu'à la version 2009 ;
- F-Secure Home Server Security jusqu'à la version 2009 ;
- F-Secure Client Security jusqu'à la version 8.0 ;
- F-Secure Anti-Virus for Workstations jusqu'à la version 8.0 ;
- F-Secure Anti-Virus for Windows Servers jusqu'à la version 8.00 ;
- F-Secure Anti-Virus for Citrix Servers jusqu'à la version 7.00 ;
- F-Secure Anti-Virus for MIMEsweeper jusqu'à la version 5.61 ;
- F-Secure Anti-Virus Linux Client Security jusqu'à la version 5.54 ;
- F-Secure Anti-Virus Linux Server Security jusqu'à la version 5.54 ;
- F-Secure Anti-Virus Linux Servers jusqu'à la version 4.65 ;
- F-Secure Linux Security jusqu'à la version 7.02.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cUL\u003e \u003cLI\u003eF-Secure Antivirus for Microsoft Exchange jusqu\u0027\u00e0 la version 7.10 ;\u003c/LI\u003e \u003cLI\u003eF-Secure Internet Gatekeeper : \u003cUL\u003e \u003cLI\u003efor Windows jusqu\u0027\u00e0 la version 6.61 ;\u003c/LI\u003e \u003cLI\u003efor Linux jusqu\u0027\u00e0 la version 2.16 ;\u003c/LI\u003e \u003cLI\u003efor Linux Japanese jusqu\u0027\u00e0 la version 3.01 ;\u003c/LI\u003e \u003c/UL\u003e \u003c/LI\u003e \u003cLI\u003eF-Secure Protection Service for Business - E-mail and Server security, jusqu\u0027\u00e0 la version 8.00 ;\u003c/LI\u003e \u003cLI\u003eF-Secure Protection Service for Business - Workstation security, jusqu\u0027\u00e0 la version 8.00 ;\u003c/LI\u003e \u003cLI\u003eF-Secure Protection Service for Consumers, jusqu\u0027\u00e0 la version 8.00 ;\u003c/LI\u003e \u003cLI\u003eF-Secure Internet Security jusqu\u0027\u00e0 la version 2009 ;\u003c/LI\u003e \u003cLI\u003eF-Secure Anti-Virus jusqu\u0027\u00e0 la version 2009 ;\u003c/LI\u003e \u003cLI\u003eF-Secure Home Server Security jusqu\u0027\u00e0 la version 2009 ;\u003c/LI\u003e \u003cLI\u003eF-Secure Client Security jusqu\u0027\u00e0 la version 8.0 ;\u003c/LI\u003e \u003cLI\u003eF-Secure Anti-Virus for Workstations jusqu\u0027\u00e0 la version 8.0 ;\u003c/LI\u003e \u003cLI\u003eF-Secure Anti-Virus for Windows Servers jusqu\u0027\u00e0 la version 8.00 ;\u003c/LI\u003e \u003cLI\u003eF-Secure Anti-Virus for Citrix Servers jusqu\u0027\u00e0 la version 7.00 ;\u003c/LI\u003e \u003cLI\u003eF-Secure Anti-Virus for MIMEsweeper jusqu\u0027\u00e0 la version 5.61 ;\u003c/LI\u003e \u003cLI\u003eF-Secure Anti-Virus Linux Client Security jusqu\u0027\u00e0 la version 5.54 ;\u003c/LI\u003e \u003cLI\u003eF-Secure Anti-Virus Linux Server Security jusqu\u0027\u00e0 la version 5.54 ;\u003c/LI\u003e \u003cLI\u003eF-Secure Anti-Virus Linux Servers jusqu\u0027\u00e0 la version 4.65 ;\u003c/LI\u003e \u003cLI\u003eF-Secure Linux Security jusqu\u0027\u00e0 la version 7.02.\u003c/LI\u003e \u003c/UL\u003e",
"content": "## Description\n\nUn d\u00e9faut dans l\u0027analyse des fichiers d\u0027archives aux formats ZIP et RAR\npermet \u00e0 un utilisateur malveillant de faire \u00e9chapper un code\nmalveillant \u00e0 l\u0027analyse antivirale.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2009-05-11T00:00:00",
"last_revision_date": "2009-05-11T00:00:00",
"links": [],
"reference": "CERTA-2009-AVI-177",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-05-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Un d\u00e9faut dans l\u0027analyse de formats d\u0027archives permet \u00e0 un utilisateur\nmalveillant de contourner la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits F-Secure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure FSC-2009-1 du 06 mai 2009",
"url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…