NOW READ THIS
("Security Advisory")

Go Back

Submitted by: Bill Hickey
NCVA List Master

NRT-0441 MAC Vulnerabilities Noted in Security Products:


Security vendor F-Secure has warned of multiple criitcal vulnerabilities in its own and other vendors' products. The Secure Programming Group at Oulu University in Finland discovered the vulnerabilities, which relate to the way the products respond to malformed archive files. The Oulu researchers have created a colletion of malformed archive files that break and crash products from at least 40 vendors including F-Secure and several other antivirus vendors.

F-Secure products that are affected include F-Secure Internet Security 2008, F-Secure Anti-Virus 2008, F-Secure Mobile Anti-Virus for Windows Mobile 2003/5.0/6, and F-Secure Anti-Virus for Linux 4.65 and earlier versions according to an F-Secure security bulletin. Other software affected includes Debian libarchive1, FreeBSD libarchive 3, Gentoo app-arch/libarchive and Suse libarchive, according to an advisory from the CERT-FI, the Finnish Computer Emergency REsponse Team.

Oulu University researchers discovered the vulnerabilities in various archive file formats, including ZIP, as part of their Protos Genome Project. The project tested malformed archive protocols inputted into archive file formats. The research identified that most implementations evaluated failed to perform in a robust manner according to the CERT-FI advisory. The vulnerabilities could be exploited to gain access to and remotely execute code on a targeted system.

(http://zdnet.co.uk 19MAR08)


Valid XHTML 1.0! Valid CSS! Counter Image
Last Modified: Tuesday, 01-Apr-2008 21:57:41 EDT