F-Secure Anti-Virus Archived Virus Detection Bypass Vulnerability - Secunia Advisories - Vulnerability Intelligence

F-Secure Anti-Virus Archived Virus Detection Bypass Vulnerability
Secunia Advisory:	SA11699	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2004-05-25
Last Update:	2005-07-26
Popularity:	11,829 views

Critical:	Less critical
Impact:	Security Bypass
Where:	From remote
Solution Status:	Vendor Patch

Software:	F-Secure Anti-Virus 5.x F-Secure Anti-Virus Client Security 5.x F-Secure Anti-Virus for Windows Servers 5.x F-Secure Anti-Virus for Workstations 5.x

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2004-2276

Description: A vulnerability has been discovered in F-Secure Anti-Virus, which may prevent certain malware in archives from being detected. The vulnerability is caused due to an unspecified error, which reportedly causes a problem with properly detecting the Sober.D and Sober.G viruses in PKZip archives. The vulnerability has been reported in the following versions: * F-Secure Anti Virus 5.41/5.42 for Workstations * F-Secure Anti-Virus 5.41/5.42 for File Servers * F-Secure Anti Virus Client Security 5.50 and 5.52 NOTE: The malware will still be detected by the affected products when being extracted from the archives prior to execution. Solution: F-Secure Anti-Virus Client Security 5.52 Service Release 1 (SR-1) is not affected. Apply appropriate hotfixes for vulnerable versions. FSAV 5.42/5.41 Hotfix 3: ftp://ftp.f-secure.com/support/hotfix/fsav/fsavwk552-05-signed.fsfix FSAV 5.41/5.42 for Servers Hotfix 13: ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr541-13-signed.fsfix FSAVCS Hotfix 10 (Anti-Virus Hotfix 5): ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk552-05-signed.fsfix Provided and/or discovered by: Reported by vendor. Changelog: 2004-05-26: Updated advisory with new information from vendor and decreased rating to "Less critical". 2005-07-26: Added CVE reference.

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

Today

New advisories:	13
New vulnerabilities:	20
Updated advisories:	24

Less // 58 views

IBM Rational ClearQuest Multiple Vulnerabilities

Not // 81 views

Debian update for flamethrower

Not // 83 views

flamethrower Insecure Temporary Files

Less // 91 views

IBM Rational ClearCase Cross-Site Scripting Vulnerability

Not // 147 views

DAHDI "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerability

Not // 144 views

Zaptel "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerabilities

Moderately // 145 views

Rumpus Multiple Vulnerabilities

Less // 160 views

bcoos "cid" SQL Injection Vulnerability

Moderately // 148 views

ASP Portal "ASPPortal.mdb" Database Disclosure Security Issue

Moderately // 196 views

Ubuntu update for imagemagick

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.