Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12943
HistoryJun 02, 2006 - 12:00 a.m.

[SA20407] F-Secure Products Web Console Buffer Overflow Vulnerability

2006-06-0200:00:00
vulners.com
10
JSON

Want to join the Secunia Security Team?

Secunia offers a position as a security specialist, where your daily
work involves reverse engineering of software and exploit code,
auditing of source code, and analysis of vulnerability reports.

http://secunia.com/secunia_security_specialist/

TITLE:
F-Secure Products Web Console Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA20407

VERIFY ADVISORY:
http://secunia.com/advisories/20407/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
>From remote

SOFTWARE:
F-Secure Internet Gatekeeper 6.x
http://secunia.com/product/3339/
F-Secure Anti-Virus for Microsoft Exchange 6.x
http://secunia.com/product/454/

DESCRIPTION:
A vulnerability has been reported in F-Secure Anti-Virus for
Microsoft Exchange and F-Secure Internet Gatekeeper, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused due to an unspecified boundary error
within the web console prior to authentication and can be exploited
to cause a buffer overflow.

Successful exploitation crashes the web console process and may
potentially allow execution of arbitrary code.

NOTE: By default connections are only allowed from localhost. The
criticality of the vulnerability therefore depends on how the web
console has been configured to accept connections.

SOLUTION:
Update to a fixed version or apply hotfix.

– F-Secure Anti-Virus for Microsoft Exchange –

Apply hotfix for version 6.40:
ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse640-05.zip

– F-Secure Internet Gatekeeper –

Update to version 6.60 or apply hotfix (for version 6.50):
ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk650-01.zip

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Mikko Korppi.

ORIGINAL ADVISORY:
http://www.f-secure.com/security/fsc-2006-3.shtml

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

JSON