J-Security Center

Title: F-Secure ARJ Handling Buffer Overflow Vulnerability

Severity: CRITICAL

Description:

A buffer overflow vulnerability exists in the ARJ handling code in the Anti-Virus library included in various F-Secure products. The vulnerability is known to affect various F-Secure Anti-Virus releases, F-Secure Internet Security, solutions based on F-Secure Personal Express, and F-Secure Internet Gatekeeper.

A malicious ARJ archive could exploit this vulnerability to execute arbitrary code in the context of the affected application. The vulnerability is due to insufficient bounds checking of ARJ header fields, which are copied into a fixed-size buffer on the heap. Data within the malicious ARJ may corrupt process memory and allow control of execution flow. This may completely compromise vulnerable computers.
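
The following added example (not F-Secure's code and not part of the original advisory) shows the kind of bounds checking whose absence the description refers to. The advisory does not name the header field involved, so the filename field is an assumption chosen for illustration; the header layout follows the public ARJ format, and `NAME_BUF`, `arj_copy_name` and `check_sample` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ARJ_MAX_BASIC_HDR 2600u /* format's upper bound on the basic header size */
#define NAME_BUF 256u           /* assumed size of the destination buffer */

enum arj_rc { ARJ_OK, ARJ_TRUNCATED, ARJ_BAD_MAGIC, ARJ_BAD_SIZE,
              ARJ_NAME_UNTERMINATED, ARJ_NAME_TOO_LONG };

/* Copy the NUL-terminated filename out of an ARJ header, checking every
 * attacker-controlled length against both the input and the destination. */
enum arj_rc arj_copy_name(const uint8_t *buf, size_t len, char out[NAME_BUF])
{
    if (len < 5) return ARJ_TRUNCATED;
    if (buf[0] != 0x60 || buf[1] != 0xEA) return ARJ_BAD_MAGIC;

    size_t basic = (size_t)buf[2] | ((size_t)buf[3] << 8); /* bytes after this field */
    if (basic == 0 || basic > ARJ_MAX_BASIC_HDR) return ARJ_BAD_SIZE;
    if (len - 4 < basic) return ARJ_TRUNCATED;

    size_t first = buf[4];              /* fixed-part size; the filename follows it */
    if (first == 0 || first >= basic) return ARJ_BAD_SIZE;

    const uint8_t *name = buf + 4 + first;
    const uint8_t *nul = memchr(name, 0, basic - first);
    if (nul == NULL) return ARJ_NAME_UNTERMINATED;  /* would run past the header */

    size_t n = (size_t)(nul - name);
    if (n >= NAME_BUF) return ARJ_NAME_TOO_LONG;    /* would overflow out[] */
    memcpy(out, name, n + 1);
    return ARJ_OK;
}

/* Constructed sample: 30-byte fixed part, then name_len 'A' bytes, optional NUL. */
enum arj_rc check_sample(size_t name_len, int terminated)
{
    uint8_t hdr[4 + ARJ_MAX_BASIC_HDR] = {0x60, 0xEA};
    char out[NAME_BUF];
    size_t basic = 30 + name_len + (terminated ? 1 : 0);
    if (basic > ARJ_MAX_BASIC_HDR) return ARJ_BAD_SIZE;
    hdr[2] = (uint8_t)(basic & 0xFF);
    hdr[3] = (uint8_t)(basic >> 8);
    hdr[4] = 30;
    memset(hdr + 4 + 30, 'A', name_len);
    return arj_copy_name(hdr, 4 + basic, out);
}
```

A parser that rejects such headers before copying stops at an error code instead of writing past the end of the heap buffer.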

This vulnerability may be exploited in various ways, depending on the affected product; some products may not be vulnerable in the default configuration. Products are typically exposed when scanning a malicious archive. The highest risk is to gateway and server products, which may automatically scan large numbers of files and have in-archive scanning enabled in typical configurations. Client software may require the user to download the malicious archive or receive it as an email attachment; in most cases in-archive scanning must be enabled, and it is not usually enabled by default. Any means of transferring a malicious ARJ to a client user may provide an attack vector for affected computers.

Affected Products:

  • F-Secure Anti-Virus 2004
  • F-Secure Anti-Virus 2005
  • F-Secure Anti-Virus Client Security 5.50.0
  • F-Secure Anti-Virus Client Security 5.52.0
  • F-Secure Anti-Virus Client Security 5.54.0
  • F-Secure Anti-Virus Client Security 5.55.0
  • F-Secure Anti-Virus Linux Client Security 5.0.0
  • F-Secure Anti-Virus Linux Client Security 5.0.0 1
  • F-Secure Anti-Virus Linux Server Security 5.0.0
  • F-Secure Anti-Virus Linux Server Security 5.0.0 1
  • F-Secure Anti-Virus for Citrix Servers 5.5.0
  • F-Secure Anti-Virus for Firewalls 6.20.0
  • F-Secure Anti-Virus for Linux Gateways 4.51.0
  • F-Secure Anti-Virus for Linux Gateways 4.52.0
  • F-Secure Anti-Virus for Linux Gateways 4.61.0
  • F-Secure Anti-Virus for Linux Servers 4.51.0
  • F-Secure Anti-Virus for Linux Servers 4.52.0
  • F-Secure Anti-Virus for Linux Servers 4.61.0
  • F-Secure Anti-Virus for Linux Workstations 4.51.0
  • F-Secure Anti-Virus for Linux Workstations 4.52.0
  • F-Secure Anti-Virus for MIMEsweeper 5.41.0
  • F-Secure Anti-Virus for MIMEsweeper 5.42.0
  • F-Secure Anti-Virus for MIMEsweeper 5.50.0
  • F-Secure Anti-Virus for MIMEsweeper 5.51.0
  • F-Secure Anti-Virus for MS Exchange 6.0.0 1
  • F-Secure Anti-Virus for MS Exchange 6.2.0
  • F-Secure Anti-Virus for MS Exchange 6.21.0
  • F-Secure Anti-Virus for MS Exchange 6.3.0 0
  • F-Secure Anti-Virus for MS Exchange 6.30.0 Service Release 1
  • F-Secure Anti-Virus for MS Exchange 6.31.0
  • F-Secure Anti-Virus for Samba Servers 4.60.0
  • F-Secure Anti-Virus for Windows Servers 5.41.0
  • F-Secure Anti-Virus for Windows Servers 5.42.0
  • F-Secure Anti-Virus for Windows Servers 5.50.0
  • F-Secure Anti-Virus for Workstations 5.40.0
  • F-Secure Anti-Virus for Workstations 5.41.0
  • F-Secure Anti-Virus for Workstations 5.42.0
  • F-Secure Anti-Virus for Workstations 5.43.0
  • F-Secure Internet Gatekeeper 6.3.0
  • F-Secure Internet Gatekeeper 6.31.0
  • F-Secure Internet Gatekeeper 6.32.0
  • F-Secure Internet Gatekeeper 6.40.0
  • F-Secure Internet Gatekeeper 6.41.0
  • F-Secure Internet Gatekeeper for Linux 2.0.0 6
  • F-Secure Internet Security 2004
  • F-Secure Internet Security 2005
  • F-Secure Personal Express 4.5.0
  • F-Secure Personal Express 4.6.0
  • F-Secure Personal Express 4.7.0
  • F-Secure Personal Express 5.0.0
  • F-Secure Personal Express 5.10.0
