TITLE:
F-Secure Products Web Console Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA20407

VERIFY ADVISORY:
http://secunia.com/advisories/20407/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
F-Secure Internet Gatekeeper 6.x
http://secunia.com/product/3339/
F-Secure Anti-Virus for Microsoft Exchange 6.x
http://secunia.com/product/454/

DESCRIPTION:
A vulnerability has been reported in F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an unspecified boundary error within the web console prior to authentication and can be exploited to cause a buffer overflow.

Successful exploitation crashes the web console process and may potentially allow execution of arbitrary code.

NOTE: By default connections are only allowed from localhost. The criticality of the vulnerability therefore depends on how the web console has been configured to accept connections.

SOLUTION:
Update to a fixed version or apply hotfix.

-- F-Secure Anti-Virus for Microsoft Exchange --

Apply hotfix for version 6.40:
ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse640-05.zip

-- F-Secure Internet Gatekeeper --

Update to version 6.60 or apply hotfix (for version 6.50):
ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk650-01.zip

ORIGINAL ADVISORY:
http://www.f-secure.com/security/fsc-2006-3.shtml
