Public Safety and Emergency Preparedness Canada | Sécurité publique et Protection civile Canada
You have accessed an archived page on the Public Safety and Emergency Preparedness Canada website. This material may be outdated. Please consult our new site for up-to-date information.

Advisory Number: AV05-008
F-Secure AntiVirus Library Heap Overflow
10 February 2005

Purpose
The purpose of this advisory is to bring attention to an F-Secure AntiVirus Library Heap Overflow vulnerability.

Assessment
The F-Secure AntiVirus Library is used to parse different file formats to detect malware. Before archive decompression, the library does not properly check the length of certain fields. These fields are copied into a heap buffer of a fixed size. The result is an arbitrary heap overflow with moderate character restrictions.

This vulnerability can be triggered by an unauthenticated remote attacker, without user interaction, by sending an e-mail containing a crafted archive file to the target F-Secure AntiVirus Library on client, server, and gateway implementations. Additional attack vectors exist over other common protocols (e.g. HTTP, FTP, POP3), but some may require user interaction.

Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines being protected by the F-Secure AntiVirus Library product.
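
The flaw class described in this Assessment, a declared field length copied into a fixed-size heap buffer without a check, is illustrated below together with the validation that prevents it. This is an added example, not F-Secure code and not part of the original advisory; the header layout, NAME_BUF_SIZE and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF_SIZE 256 /* assumed fixed heap allocation for the field */

/* Hypothetical header layout: [2-byte little-endian length][name bytes].
 * Returns a NUL-terminated heap copy, or NULL if the field is rejected. */
char *read_name_field(const uint8_t *hdr, size_t hdr_len)
{
    if (hdr == NULL || hdr_len < 2)
        return NULL;              /* no room for the length field itself */
    size_t name_len = (size_t)hdr[0] | ((size_t)hdr[1] << 8);
    if (name_len > hdr_len - 2)   /* declared length exceeds bytes present */
        return NULL;
    /* The unchecked pattern is memcpy(buf, hdr + 2, name_len) with no test
     * against the fixed allocation. Reject oversized fields before copying. */
    if (name_len >= NAME_BUF_SIZE)
        return NULL;
    char *buf = malloc(NAME_BUF_SIZE);
    if (buf == NULL)
        return NULL;
    memcpy(buf, hdr + 2, name_len);
    buf[name_len] = '\0';
    return buf;
}

/* Builds a constructed sample header and returns 1 if the parser accepts it,
 * 0 if it rejects it, -1 on allocation failure. */
int name_field_accepted(size_t declared_len, size_t bytes_present)
{
    size_t total = 2 + bytes_present;
    uint8_t *hdr = calloc(1, total);
    if (hdr == NULL)
        return -1;
    hdr[0] = (uint8_t)(declared_len & 0xff);
    hdr[1] = (uint8_t)((declared_len >> 8) & 0xff);
    memset(hdr + 2, 'A', bytes_present);
    char *name = read_name_field(hdr, total);
    int ok = (name != NULL && strlen(name) == declared_len);
    free(name);
    free(hdr);
    return ok;
}

int main(void)
{   /* fits; exceeds the buffer; declares more bytes than are present */
    return (name_field_accepted(8, 8) == 1 && name_field_accepted(300, 300) == 0
            && name_field_accepted(8, 4) == 0) ? 0 : 1;
}
```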

Affected Products:

  • F-Secure Anti-Virus for Workstation version 5.43 and earlier
  • F-Secure Anti-Virus for Windows Servers version 5.50 and earlier
  • F-Secure Anti-Virus for Citrix Servers version 5.50
  • F-Secure Anti-Virus for MIMEsweeper version 5.51 and earlier
  • F-Secure Anti-Virus Client Security version 5.55 and earlier
  • F-Secure Anti-Virus for MS Exchange version 6.31 and earlier
  • F-Secure Internet Gatekeeper version 6.41 and earlier
  • F-Secure Anti-Virus for Firewalls version 6.20 and earlier
  • F-Secure Internet Security 2004 and 2005
  • F-Secure Anti-Virus 2004 and 2005
  • Solutions based on F-Secure Personal Express version 5.10 and earlier
  • F-Secure Anti-Virus for Linux Workstations version 4.52 and earlier
  • F-Secure Anti-Virus for Linux Servers version 4.61 and earlier
  • F-Secure Anti-Virus for Linux Gateways version 4.61 and earlier
  • F-Secure Anti-Virus for Samba Servers version 4.60
  • F-Secure Anti-Virus Linux Client Security 5.02 and earlier
  • F-Secure Anti-Virus Linux Server Security 5.02 and earlier

Note: Additional versions may be affected; please contact your vendor for confirmation.

Suggested Action
PSEPC recommends that system administrators test and apply relevant patches from the vendor.

For more information, please refer to:
http://xforce.iss.net/xforce/alerts/id/188

http://www.f-secure.com/security/fsc-2005-1.shtml


---

Note to Readers

Public Safety and Emergency Preparedness Canada (PSEPC) collects information related to cyber and physical threats to, and incidents involving, Canadian critical infrastructure. This allows us to monitor and analyse threats and to issue alerts, advisories and other information products to our partners. To report threats or incidents, please contact the PSEPC operations coordination centre at (613) 991-7000 or goc-cog@psepc-sppcc.gc.ca by e-mail.

Unauthorized use of computer systems and mischief in relation to data are serious Criminal Code offences in Canada. Any suspected criminal activity should be reported to local law enforcement organizations. The RCMP National Operations Centre (NOC) provides a 24/7 service to receive such reports or to redirect callers to local law enforcement organizations. The NOC can be reached at (613) 993-4460. National security concerns should be reported to the Canadian Security Intelligence Service (CSIS) at (613) 993-9620.

Links to sites not under the control of the Government of Canada (GoC) are provided solely for the convenience of users. The GoC is not responsible for the accuracy, currency or the reliability of the content. The GoC does not offer any guarantee in that regard and is not responsible for the information found through these links, nor does it endorse the sites and their content.

Last Updated: 10/25/2005