ID

VAR-200601-0369


CVE

CVE-2006-0338


TITLE

F-Secure Multiple Archive File Handling Vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200601-264

DESCRIPTION

Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned. F-Secure is prone to multiple vulnerabilities when handling archives of various formats. The application is affected by a remote buffer overflow vulnerability when handling malformed ZIP archives. A successful attack can facilitate arbitrary code execution and result in a full compromise. Specially crafted ZIP and RAR archives can also bypass detection. This may result in arbitrary code execution or a malicious code infection. TITLE: F-Secure Anti-Virus Archive Handling Vulnerabilities SECUNIA ADVISORY ID: SA18529 VERIFY ADVISORY: http://secunia.com/advisories/18529/ CRITICAL: Highly critical IMPACT: Security Bypass, System access WHERE: >From remote SOFTWARE: F-Secure Personal Express 6.x http://secunia.com/product/6885/ F-Secure Internet Security 2006 http://secunia.com/product/6883/ F-Secure Internet Security 2005 http://secunia.com/product/4300/ F-Secure Internet Security 2004 http://secunia.com/product/3499/ F-Secure Internet Gatekeeper for Linux 2.x http://secunia.com/product/4635/ F-Secure Internet Gatekeeper 6.x http://secunia.com/product/3339/ F-Secure Anti-Virus for Workstations 5.x http://secunia.com/product/457/ F-Secure Anti-Virus for Windows Servers 5.x http://secunia.com/product/452/ F-Secure Anti-Virus for Samba Servers 4.x http://secunia.com/product/3501/ F-Secure Anti-Virus for MIMEsweeper 5.x http://secunia.com/product/455/ F-Secure Anti-Virus for Microsoft Exchange 6.x http://secunia.com/product/454/ F-Secure Anti-Virus for Linux 4.x http://secunia.com/product/3165/ F-Secure Anti-Virus for Firewalls 6.x http://secunia.com/product/451/ F-Secure Anti-Virus for Citrix Servers 5.x http://secunia.com/product/5198/ F-Secure Anti-Virus Client Security 6.x http://secunia.com/product/5786/ F-Secure Anti-Virus Client Security 5.x http://secunia.com/product/2718/ F-Secure Anti-Virus 5.x http://secunia.com/product/3334/ F-Secure Anti-Virus 2006 http://secunia.com/product/6882/ F-Secure Anti-Virus 2005 http://secunia.com/product/4299/ F-Secure Anti-Virus 2004 http://secunia.com/product/3500/ DESCRIPTION: Some vulnerabilities have been reported in various F-Secure products, which can be exploited by malware to bypass detection or malicious people to compromise a vulnerable system. 2) An error in the scanning functionality when processing RAR and ZIP archives can be exploited to prevent malware from being detected. PROVIDED AND/OR DISCOVERED BY: The vendor credits Thierry Zoller. ORIGINAL ADVISORY: http://www.f-secure.com/security/fsc-2006-1.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-0338 // BID: 16309 // VULHUB: VHN-16446 // PACKETSTORM: 43189

AFFECTED PRODUCTS

vendor:f securemodel:f-secure anti-virusscope:eqversion:6.31

Trust: 1.6

vendor:f securemodel:f-secure anti-virusscope:eqversion:6.30

Trust: 1.6

vendor:f securemodel:f-secure anti-virusscope:eqversion:6.21

Trust: 1.6

vendor:f securemodel:f-secure anti-virusscope:eqversion:6.30_sr1

Trust: 1.6

vendor:f securemodel:f-secure internet securityscope:eqversion:2005

Trust: 1.6

vendor:f securemodel:f-secure anti-virusscope:eqversion:6.40

Trust: 1.6

vendor:f securemodel:f-secure anti-virusscope:eqversion:5.55

Trust: 1.6

vendor:f securemodel:f-secure anti-virusscope:eqversion:6.2

Trust: 1.6

vendor:f securemodel:f-secure anti-virusscope:eqversion:6.01

Trust: 1.6

vendor:f securemodel:internet gatekeeperscope:eqversion:6.41

Trust: 1.3

vendor:f securemodel:internet gatekeeperscope:eqversion:6.32

Trust: 1.3

vendor:f securemodel:internet gatekeeperscope:eqversion:6.42

Trust: 1.3

vendor:f securemodel:f-secure anti-virusscope:eqversion:5.41

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:5.0

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:5.43

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:4.61

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:5.11

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:5.5

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:2005

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:5.44

Trust: 1.0

vendor:f securemodel:internet gatekeeperscope:eqversion:2.06

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:4.64

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:4.60

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:4.51

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:4.52

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:2004

Trust: 1.0

vendor:f securemodel:f-secure internet securityscope:eqversion:2006

Trust: 1.0

vendor:f securemodel:f-secure personal expressscope:eqversion:4.5

Trust: 1.0

vendor:f securemodel:internet gatekeeperscope:eqversion:2.14

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:2003

Trust: 1.0

vendor:f securemodel:f-secure internet securityscope:eqversion:2004

Trust: 1.0

vendor:f securemodel:f-secure personal expressscope:eqversion:5.0

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:4.62

Trust: 1.0

vendor:f securemodel:f-secure personal expressscope:eqversion:4.7

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:5.52

Trust: 1.0

vendor:f securemodel:f-secure personal expressscope:eqversion:4.6

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:eqversion:5.42

Trust: 1.0

vendor:f securemodel:internet gatekeeper for linuxscope:eqversion:2.6

Trust: 0.3

vendor:f securemodel:anti-virus client securityscope:eqversion:5.52

Trust: 0.3

vendor:f securemodel:anti-virus for ms exchangescope:eqversion:6.2

Trust: 0.3

vendor:f securemodel:anti-virus for windows serversscope:eqversion:5.52

Trust: 0.3

vendor:f securemodel:anti-virus for linux gatewaysscope:eqversion:4.64

Trust: 0.3

vendor:f securemodel:anti-virus for workstationsscope:eqversion:5.43

Trust: 0.3

vendor:f securemodel:anti-virus for linux serversscope:eqversion:4.64

Trust: 0.3

vendor:f securemodel:anti-virusscope:eqversion:2005

Trust: 0.3

vendor:f securemodel:internet securityscope:eqversion:20060

Trust: 0.3

vendor:f securemodel:anti-virus for ms exchangescope:eqversion:6.21

Trust: 0.3

vendor:f securemodel:anti-virus for windows serversscope:eqversion:5.41

Trust: 0.3

vendor:f securemodel:anti-virus for linux gatewaysscope:eqversion:2.16

Trust: 0.3

vendor:f securemodel:anti-virus for linux gatewaysscope:eqversion:4.61

Trust: 0.3

vendor:f securemodel:anti-virus linux client securityscope:eqversion:5.11

Trust: 0.3

vendor:f securemodel:anti-virus for windows serversscope:eqversion:5.42

Trust: 0.3

vendor:f securemodel:anti-virusscope:eqversion:2004

Trust: 0.3

vendor:f securemodel:anti-virus for windows serversscope:eqversion:5.50

Trust: 0.3

vendor:f securemodel:anti-virus for linux serversscope:eqversion:4.61

Trust: 0.3

vendor:f securemodel:anti-virus for mimesweeperscope:eqversion:5.61

Trust: 0.3

vendor:f securemodel:anti-virus for ms exchangescope:eqversion:6.31

Trust: 0.3

vendor:f securemodel:anti-virus for citrix serversscope:eqversion:5.5

Trust: 0.3

vendor:f securemodel:anti-virus for citrix serversscope:eqversion:5.52

Trust: 0.3

vendor:f securemodel:anti-virus for ms exchangescope:eqversion:6.40

Trust: 0.3

vendor:f securemodel:anti-virus for ms exchangescope:eqversion:6.01

Trust: 0.3

vendor:f securemodel:anti-virus linux client securityscope:eqversion:5.01

Trust: 0.3

vendor:f securemodel:internet gatekeeper for linuxscope:eqversion:2.06

Trust: 0.3

vendor:f securemodel:internet gatekeeperscope:eqversion:6.400

Trust: 0.3

vendor:f securemodel:anti-virus linux server securityscope:eqversion:5.11

Trust: 0.3

vendor:f securemodel:anti-virus for linux gatewaysscope:eqversion:4.52

Trust: 0.3

vendor:f securemodel:anti-virus for linux serversscope:eqversion:4.52

Trust: 0.3

vendor:f securemodel:anti-virus client securityscope:eqversion:5.55

Trust: 0.3

vendor:f securemodel:internet gatekeeper for linuxscope:eqversion:2.14

Trust: 0.3

vendor:f securemodel:anti-virus for ms exchangescope:eqversion:6.30

Trust: 0.3

vendor:f securemodel:anti-virus client securityscope:eqversion:5.50

Trust: 0.3

vendor:f securemodel:anti-virus linux client securityscope:eqversion:5.0

Trust: 0.3

vendor:f securemodel:internet gatekeeperscope:eqversion:6.31

Trust: 0.3

vendor:f securemodel:anti-virus for ms exchange service releasescope:eqversion:6.301

Trust: 0.3

vendor:f securemodel:internet securityscope:eqversion:2005

Trust: 0.3

vendor:f securemodel:anti-virus for workstationsscope:eqversion:5.44

Trust: 0.3

vendor:f securemodel:internet securityscope:eqversion:2004

Trust: 0.3

vendor:f securemodel:anti-virus for mimesweeperscope:eqversion:5.50

Trust: 0.3

vendor:f securemodel:anti-virus for linux gatewaysscope:eqversion:4.51

Trust: 0.3

vendor:f securemodel:anti-virus for firewallsscope:eqversion:6.20

Trust: 0.3

vendor:f securemodel:anti-virusscope:eqversion:20060

Trust: 0.3

vendor:f securemodel:anti-virus for linux workstationsscope:eqversion:4.52

Trust: 0.3

vendor:f securemodel:anti-virus for workstationsscope:eqversion:5.40

Trust: 0.3

vendor:f securemodel:anti-virus linux server securityscope:eqversion:5.01

Trust: 0.3

vendor:f securemodel:anti-virus for linux serversscope:eqversion:4.51

Trust: 0.3

vendor:f securemodel:anti-virus client securityscope:eqversion:5.54

Trust: 0.3

vendor:f securemodel:anti-virus for linux workstationsscope:eqversion:4.51

Trust: 0.3

vendor:f securemodel:anti-virus client securityscope:eqversion:6.01

Trust: 0.3

vendor:f securemodel:anti-virus for workstationsscope:eqversion:5.41

Trust: 0.3

vendor:f securemodel:internet gatekeeperscope:eqversion:6.3

Trust: 0.3

vendor:f securemodel:anti-virus for mimesweeperscope:eqversion:5.41

Trust: 0.3

vendor:f securemodel:anti-virus linux server securityscope:eqversion:5.0

Trust: 0.3

vendor:f securemodel:anti-virus for workstationsscope:eqversion:5.42

Trust: 0.3

vendor:f securemodel:anti-virus for samba serversscope:eqversion:4.62

Trust: 0.3

vendor:f securemodel:anti-virus for mimesweeperscope:eqversion:5.42

Trust: 0.3

vendor:f securemodel:solutions based on f-secure personal expressscope:eqversion:6.20

Trust: 0.3

vendor:f securemodel:anti-virus for mimesweeperscope:eqversion:5.51

Trust: 0.3

sources: BID: 16309 // CNNVD: CNNVD-200601-264 // NVD: CVE-2006-0338

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0338
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200601-264
value: MEDIUM

Trust: 0.6

VULHUB: VHN-16446
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-0338
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-16446
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-16446 // CNNVD: CNNVD-200601-264 // NVD: CVE-2006-0338

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0338

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200601-264

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200601-264

EXTERNAL IDS

db:BIDid:16309

Trust: 2.0

db:SECUNIAid:18529

Trust: 1.8

db:NVDid:CVE-2006-0338

Trust: 1.7

db:OSVDBid:22633

Trust: 1.7

db:VUPENid:ADV-2006-0257

Trust: 1.7

db:SECTRACKid:1015507

Trust: 1.7

db:SECTRACKid:1015508

Trust: 1.7

db:SECTRACKid:1015509

Trust: 1.7

db:SECTRACKid:1015510

Trust: 1.7

db:CNNVDid:CNNVD-200601-264

Trust: 0.7

db:CIACid:Q-103

Trust: 0.6

db:XFid:24199

Trust: 0.6

db:VULHUBid:VHN-16446

Trust: 0.1

db:PACKETSTORMid:43189

Trust: 0.1

sources: VULHUB: VHN-16446 // BID: 16309 // PACKETSTORM: 43189 // CNNVD: CNNVD-200601-264 // NVD: CVE-2006-0338

REFERENCES

url:http://www.f-secure.com/security/fsc-2006-1.shtml

Trust: 2.1

url:http://www.securityfocus.com/bid/16309

Trust: 1.7

url:http://www.ciac.org/ciac/bulletins/q-103.shtml

Trust: 1.7

url:http://www.osvdb.org/22633

Trust: 1.7

url:http://securitytracker.com/id?1015507

Trust: 1.7

url:http://securitytracker.com/id?1015508

Trust: 1.7

url:http://securitytracker.com/id?1015509

Trust: 1.7

url:http://securitytracker.com/id?1015510

Trust: 1.7

url:http://secunia.com/advisories/18529

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0257

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24199

Trust: 1.1

url:http://www.frsirt.com/english/advisories/2006/0257

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/24199

Trust: 0.6

url:http://www.f-secure.com/

Trust: 0.3

url:http://secunia.com/product/457/

Trust: 0.1

url:http://secunia.com/product/454/

Trust: 0.1

url:http://secunia.com/product/3334/

Trust: 0.1

url:http://secunia.com/product/2718/

Trust: 0.1

url:http://secunia.com/product/455/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/4299/

Trust: 0.1

url:http://secunia.com/advisories/18529/

Trust: 0.1

url:http://secunia.com/product/452/

Trust: 0.1

url:http://secunia.com/product/6883/

Trust: 0.1

url:http://secunia.com/product/4300/

Trust: 0.1

url:http://secunia.com/product/5786/

Trust: 0.1

url:http://secunia.com/product/3339/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/6885/

Trust: 0.1

url:http://secunia.com/product/5198/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/3500/

Trust: 0.1

url:http://secunia.com/product/6882/

Trust: 0.1

url:http://secunia.com/product/3501/

Trust: 0.1

url:http://secunia.com/product/4635/

Trust: 0.1

url:http://secunia.com/product/3165/

Trust: 0.1

url:http://secunia.com/product/3499/

Trust: 0.1

url:http://secunia.com/product/451/

Trust: 0.1

sources: VULHUB: VHN-16446 // BID: 16309 // PACKETSTORM: 43189 // CNNVD: CNNVD-200601-264 // NVD: CVE-2006-0338

CREDITS

Thierry Zoller is credited with the discovery of these issues.

Trust: 0.9

sources: BID: 16309 // CNNVD: CNNVD-200601-264

SOURCES

db:VULHUBid:VHN-16446
db:BIDid:16309
db:PACKETSTORMid:43189
db:CNNVDid:CNNVD-200601-264
db:NVDid:CVE-2006-0338

LAST UPDATE DATE

2024-11-23T21:49:46.338000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-16446date:2017-07-20T00:00:00
db:BIDid:16309date:2006-02-07T20:54:00
db:CNNVDid:CNNVD-200601-264date:2006-08-16T00:00:00
db:NVDid:CVE-2006-0338date:2024-11-21T00:06:13.943

SOURCES RELEASE DATE

db:VULHUBid:VHN-16446date:2006-01-21T00:00:00
db:BIDid:16309date:2006-01-19T00:00:00
db:PACKETSTORMid:43189date:2006-01-19T17:33:40
db:CNNVDid:CNNVD-200601-264date:2006-01-20T00:00:00
db:NVDid:CVE-2006-0338date:2006-01-21T00:03:00