Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!
Register | Login
RIAA News
Cool Stuff
MPAA News
Games / Consoles
News
Music
Movies
TV
Open Source
Mobiles
Advertising
Product News
P2P
Off Topic
Freedom
Politics
Interviews
Security
DRM
Links
Kids and Kartels
Search: 
Search
 
Web P2PNET   
   Search: 
Search
Torrent Site Tracker
MP3rocket
 
Add real-time p2pnet headlines to YOUR site ! Click here to download our newsfeed code
p2pnet - rss feed: http://p2pnet.net/p2p.rss | p2pnet celebrities: http://p2pnet.net/celeb.rss | Mobile? http://p2pnet.net/index-wml.php

Critical F-Secure ZIP, RAR flaw

p2p news / p2pnet: F-Secure says there’s a critical cross-platform code execution flaw in ZIP- and RAR-archive handling for a number of anti-virus products for Windows and Linux.

It would allow malicious hackers to create specially crafted ZIP archives that would cause a buffer overflow which in turn would let them execute code of their choice on affected systems, says the company.

“It is in addition possible to create malformed RAR- and ZIP-archives that cannot be scanned properly,” F-Secure states. “This can lead to a false negative scan result.”

Research director Mikko Hyppönen warns, “Patch now before someone figures out how to exploit the vulnerability.”

Affected are:

  • F-Secure Anti-Virus for Workstation version 5.44 and earlier
  • F-Secure Anti-Virus for Windows Servers version 5.52 and earlier
  • F-Secure Anti-Virus for Citrix Servers version 5.52
  • F-Secure Anti-Virus for MIMEsweeper version 5.61 and earlier
  • F-Secure Anti-Virus Client Security version 6.01 and earlier
  • F-Secure Anti-Virus for MS Exchange version 6.40 and earlier
  • F-Secure Internet Gatekeeper version 6.42 and earlier
  • F-Secure Anti-Virus for Firewalls version 6.20 and earlier
  • F-Secure Internet Security 2004, 2005 and 2006
  • F-Secure Anti-Virus 2004, 2005 and 2006
  • Solutions based on F-Secure Personal Express version 6.20 and earlier
  • F-Secure Anti-Virus for Linux Workstations version 4.52 and earlier
  • F-Secure Anti-Virus for Linux Servers version 4.64 and earlier
  • F-Secure Anti-Virus for Linux Gateways version 4.64 and earlier
  • F-Secure Anti-Virus for Samba Servers version 4.62
  • F-Secure Anti-Virus Linux Client Security 5.11 and earlier
  • F-Secure Anti-Virus Linux Server Security 5.11 and earlier
  • F-Secure Internet Gatekeeper for Linux 2.14 and earlier

“At the moment we are not aware of any attacks that would have used this vulnerability,” says Hyppönen, crediting discovery of the flaw to Thierry Zoller.

Go here for the patch

Also See:
F-Secure - Code execution vulnerability in ZIP and RAR-archive handling, January 19, 2006

This entry was posted on Thursday, January 19th, 2006 at 12:04 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 2810 times

« previous IFPI on p2p file sharing
747btrfly spreads her wings next »

Leave a Reply
    Advertisments
Teksavvy