[ISN] F-Secure hit with antivirus vulnerabilities

From: InfoSec News (alerts@private)
Date: Wed May 30 2007 - 22:10:58 PDT


http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9022041

By Robert McMillan
May 30, 2007 
IDG News Service

F-Secure Corp. has patched several vulnerabilities in its security 
products, the most critical of which could be used to run unauthorized 
software on a victim's computer.

The most critical of these bugs affects F-Secure's antivirus products. A 
flaw in the way the software unpacks files that have been compressed 
using the LHA archiving format, could allow an attacker to crash the 
system, or even run unauthorized software on the computer, F-Secure said 
in an advisory, published Wednesday.

This flaw is related to a similar flaw in the Gzip decompression utility 
that was discovered last September, F-Secure said.

Security vendor Secunia ApS rates the bug as highly critical. The flaw 
affects F-Secure's Anti-Virus, Internet Gatekeeper and Internet Security 
product suites.

A second less-critical vulnerability in some of the company's antivirus 
software was also patched Wednesday. This flaw could be used by an 
attacker with access to the local system to get into unauthorized parts 
of the system in what is called a privilege escalation attack.

Users of some versions of F-Secure Anti-Virus and Internet Security have 
been automatically delivered the software patches for these flaws, 
F-Secure said. A list of which products require hotfixes can be found 
within F-Secure's security bulletins.

Also on Wednesday, F-Secure fixed a flaw in its Policy Manager Server 
that could be used by attackers to launch a denial of service attack 
against the security management software. Secunia rates this bug as 
"less critical."


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Wed May 30 2007 - 22:31:21 PDT