Details of VAR-200601-0369

ID

VAR-200601-0369

CVE

CVE-2006-0338

TITLE

F-Secure Multiple Archive File Handling Vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200601-264

DESCRIPTION

Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned. F-Secure is prone to multiple vulnerabilities when handling archives of various formats. The application is affected by a remote buffer overflow vulnerability when handling malformed ZIP archives. A successful attack can facilitate arbitrary code execution and result in a full compromise. Specially crafted ZIP and RAR archives can also bypass detection. This may result in arbitrary code execution or a malicious code infection. TITLE: F-Secure Anti-Virus Archive Handling Vulnerabilities SECUNIA ADVISORY ID: SA18529 VERIFY ADVISORY: http://secunia.com/advisories/18529/ CRITICAL: Highly critical IMPACT: Security Bypass, System access WHERE: >From remote SOFTWARE: F-Secure Personal Express 6.x http://secunia.com/product/6885/ F-Secure Internet Security 2006 http://secunia.com/product/6883/ F-Secure Internet Security 2005 http://secunia.com/product/4300/ F-Secure Internet Security 2004 http://secunia.com/product/3499/ F-Secure Internet Gatekeeper for Linux 2.x http://secunia.com/product/4635/ F-Secure Internet Gatekeeper 6.x http://secunia.com/product/3339/ F-Secure Anti-Virus for Workstations 5.x http://secunia.com/product/457/ F-Secure Anti-Virus for Windows Servers 5.x http://secunia.com/product/452/ F-Secure Anti-Virus for Samba Servers 4.x http://secunia.com/product/3501/ F-Secure Anti-Virus for MIMEsweeper 5.x http://secunia.com/product/455/ F-Secure Anti-Virus for Microsoft Exchange 6.x http://secunia.com/product/454/ F-Secure Anti-Virus for Linux 4.x http://secunia.com/product/3165/ F-Secure Anti-Virus for Firewalls 6.x http://secunia.com/product/451/ F-Secure Anti-Virus for Citrix Servers 5.x http://secunia.com/product/5198/ F-Secure Anti-Virus Client Security 6.x http://secunia.com/product/5786/ F-Secure Anti-Virus Client Security 5.x http://secunia.com/product/2718/ F-Secure Anti-Virus 5.x http://secunia.com/product/3334/ F-Secure Anti-Virus 2006 http://secunia.com/product/6882/ F-Secure Anti-Virus 2005 http://secunia.com/product/4299/ F-Secure Anti-Virus 2004 http://secunia.com/product/3500/ DESCRIPTION: Some vulnerabilities have been reported in various F-Secure products, which can be exploited by malware to bypass detection or malicious people to compromise a vulnerable system. 2) An error in the scanning functionality when processing RAR and ZIP archives can be exploited to prevent malware from being detected. PROVIDED AND/OR DISCOVERED BY: The vendor credits Thierry Zoller. ORIGINAL ADVISORY: http://www.f-secure.com/security/fsc-2006-1.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-0338 // BID: 16309 // VULHUB: VHN-16446 // PACKETSTORM: 43189

AFFECTED PRODUCTS

vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.31	Trust: 1.6
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.30	Trust: 1.6
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.21	Trust: 1.6
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.30_sr1	Trust: 1.6
vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2005	Trust: 1.6
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.40	Trust: 1.6
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.55	Trust: 1.6
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.2	Trust: 1.6
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.01	Trust: 1.6
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.41	Trust: 1.3
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.32	Trust: 1.3
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.42	Trust: 1.3
vendor:	f secure	model:	f-secure personal express	scope:	eq	version:	4.6	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	4.61	Trust: 1.0
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	2.14	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2003	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.42	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.0	Trust: 1.0
vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2006	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.52	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	4.62	Trust: 1.0
vendor:	f secure	model:	f-secure personal express	scope:	eq	version:	5.0	Trust: 1.0
vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2004	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.44	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.41	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	4.51	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.11	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2005	Trust: 1.0
vendor:	f secure	model:	f-secure personal express	scope:	eq	version:	4.5	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	4.60	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2004	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	4.52	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.5	Trust: 1.0
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	2.06	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	4.64	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.43	Trust: 1.0
vendor:	f secure	model:	f-secure personal express	scope:	eq	version:	4.7	Trust: 1.0
vendor:	f secure	model:	internet gatekeeper for linux	scope:	eq	version:	2.6	Trust: 0.3
vendor:	f secure	model:	anti-virus client security	scope:	eq	version:	5.52	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange	scope:	eq	version:	6.2	Trust: 0.3
vendor:	f secure	model:	anti-virus for windows servers	scope:	eq	version:	5.52	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux gateways	scope:	eq	version:	4.64	Trust: 0.3
vendor:	f secure	model:	anti-virus for workstations	scope:	eq	version:	5.43	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux servers	scope:	eq	version:	4.64	Trust: 0.3
vendor:	f secure	model:	anti-virus	scope:	eq	version:	2005	Trust: 0.3
vendor:	f secure	model:	internet security	scope:	eq	version:	20060	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange	scope:	eq	version:	6.21	Trust: 0.3
vendor:	f secure	model:	anti-virus for windows servers	scope:	eq	version:	5.41	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux gateways	scope:	eq	version:	2.16	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux gateways	scope:	eq	version:	4.61	Trust: 0.3
vendor:	f secure	model:	anti-virus linux client security	scope:	eq	version:	5.11	Trust: 0.3
vendor:	f secure	model:	anti-virus for windows servers	scope:	eq	version:	5.42	Trust: 0.3
vendor:	f secure	model:	anti-virus	scope:	eq	version:	2004	Trust: 0.3
vendor:	f secure	model:	anti-virus for windows servers	scope:	eq	version:	5.50	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux servers	scope:	eq	version:	4.61	Trust: 0.3
vendor:	f secure	model:	anti-virus for mimesweeper	scope:	eq	version:	5.61	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange	scope:	eq	version:	6.31	Trust: 0.3
vendor:	f secure	model:	anti-virus for citrix servers	scope:	eq	version:	5.5	Trust: 0.3
vendor:	f secure	model:	anti-virus for citrix servers	scope:	eq	version:	5.52	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange	scope:	eq	version:	6.40	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange	scope:	eq	version:	6.01	Trust: 0.3
vendor:	f secure	model:	anti-virus linux client security	scope:	eq	version:	5.01	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper for linux	scope:	eq	version:	2.06	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.400	Trust: 0.3
vendor:	f secure	model:	anti-virus linux server security	scope:	eq	version:	5.11	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux gateways	scope:	eq	version:	4.52	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux servers	scope:	eq	version:	4.52	Trust: 0.3
vendor:	f secure	model:	anti-virus client security	scope:	eq	version:	5.55	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper for linux	scope:	eq	version:	2.14	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange	scope:	eq	version:	6.30	Trust: 0.3
vendor:	f secure	model:	anti-virus client security	scope:	eq	version:	5.50	Trust: 0.3
vendor:	f secure	model:	anti-virus linux client security	scope:	eq	version:	5.0	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.31	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange service release	scope:	eq	version:	6.301	Trust: 0.3
vendor:	f secure	model:	internet security	scope:	eq	version:	2005	Trust: 0.3
vendor:	f secure	model:	anti-virus for workstations	scope:	eq	version:	5.44	Trust: 0.3
vendor:	f secure	model:	internet security	scope:	eq	version:	2004	Trust: 0.3
vendor:	f secure	model:	anti-virus for mimesweeper	scope:	eq	version:	5.50	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux gateways	scope:	eq	version:	4.51	Trust: 0.3
vendor:	f secure	model:	anti-virus for firewalls	scope:	eq	version:	6.20	Trust: 0.3
vendor:	f secure	model:	anti-virus	scope:	eq	version:	20060	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux workstations	scope:	eq	version:	4.52	Trust: 0.3
vendor:	f secure	model:	anti-virus for workstations	scope:	eq	version:	5.40	Trust: 0.3
vendor:	f secure	model:	anti-virus linux server security	scope:	eq	version:	5.01	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux servers	scope:	eq	version:	4.51	Trust: 0.3
vendor:	f secure	model:	anti-virus client security	scope:	eq	version:	5.54	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux workstations	scope:	eq	version:	4.51	Trust: 0.3
vendor:	f secure	model:	anti-virus client security	scope:	eq	version:	6.01	Trust: 0.3
vendor:	f secure	model:	anti-virus for workstations	scope:	eq	version:	5.41	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.3	Trust: 0.3
vendor:	f secure	model:	anti-virus for mimesweeper	scope:	eq	version:	5.41	Trust: 0.3
vendor:	f secure	model:	anti-virus linux server security	scope:	eq	version:	5.0	Trust: 0.3
vendor:	f secure	model:	anti-virus for workstations	scope:	eq	version:	5.42	Trust: 0.3
vendor:	f secure	model:	anti-virus for samba servers	scope:	eq	version:	4.62	Trust: 0.3
vendor:	f secure	model:	anti-virus for mimesweeper	scope:	eq	version:	5.42	Trust: 0.3
vendor:	f secure	model:	solutions based on f-secure personal express	scope:	eq	version:	6.20	Trust: 0.3
vendor:	f secure	model:	anti-virus for mimesweeper	scope:	eq	version:	5.51	Trust: 0.3

sources: BID: 16309 // CNNVD: CNNVD-200601-264 // NVD: CVE-2006-0338

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-0338
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200601-264
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-16446
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-0338
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-16446
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-16446 // CNNVD: CNNVD-200601-264 // NVD: CVE-2006-0338

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0338

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200601-264

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200601-264

EXTERNAL IDS

db:	BID	id:	16309	Trust: 2.0
db:	SECUNIA	id:	18529	Trust: 1.8
db:	NVD	id:	CVE-2006-0338	Trust: 1.7
db:	OSVDB	id:	22633	Trust: 1.7
db:	VUPEN	id:	ADV-2006-0257	Trust: 1.7
db:	SECTRACK	id:	1015507	Trust: 1.7
db:	SECTRACK	id:	1015508	Trust: 1.7
db:	SECTRACK	id:	1015509	Trust: 1.7
db:	SECTRACK	id:	1015510	Trust: 1.7
db:	CNNVD	id:	CNNVD-200601-264	Trust: 0.7
db:	CIAC	id:	Q-103	Trust: 0.6
db:	XF	id:	24199	Trust: 0.6
db:	VULHUB	id:	VHN-16446	Trust: 0.1
db:	PACKETSTORM	id:	43189	Trust: 0.1

sources: VULHUB: VHN-16446 // BID: 16309 // PACKETSTORM: 43189 // CNNVD: CNNVD-200601-264 // NVD: CVE-2006-0338

REFERENCES

url:	http://www.f-secure.com/security/fsc-2006-1.shtml	Trust: 2.1
url:	http://www.securityfocus.com/bid/16309	Trust: 1.7
url:	http://www.ciac.org/ciac/bulletins/q-103.shtml	Trust: 1.7
url:	http://www.osvdb.org/22633	Trust: 1.7
url:	http://securitytracker.com/id?1015507	Trust: 1.7
url:	http://securitytracker.com/id?1015508	Trust: 1.7
url:	http://securitytracker.com/id?1015509	Trust: 1.7
url:	http://securitytracker.com/id?1015510	Trust: 1.7
url:	http://secunia.com/advisories/18529	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/0257	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/24199	Trust: 1.1
url:	http://www.frsirt.com/english/advisories/2006/0257	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/24199	Trust: 0.6
url:	http://www.f-secure.com/	Trust: 0.3
url:	http://secunia.com/product/457/	Trust: 0.1
url:	http://secunia.com/product/454/	Trust: 0.1
url:	http://secunia.com/product/3334/	Trust: 0.1
url:	http://secunia.com/product/2718/	Trust: 0.1
url:	http://secunia.com/product/455/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/4299/	Trust: 0.1
url:	http://secunia.com/advisories/18529/	Trust: 0.1
url:	http://secunia.com/product/452/	Trust: 0.1
url:	http://secunia.com/product/6883/	Trust: 0.1
url:	http://secunia.com/product/4300/	Trust: 0.1
url:	http://secunia.com/product/5786/	Trust: 0.1
url:	http://secunia.com/product/3339/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/6885/	Trust: 0.1
url:	http://secunia.com/product/5198/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/3500/	Trust: 0.1
url:	http://secunia.com/product/6882/	Trust: 0.1
url:	http://secunia.com/product/3501/	Trust: 0.1
url:	http://secunia.com/product/4635/	Trust: 0.1
url:	http://secunia.com/product/3165/	Trust: 0.1
url:	http://secunia.com/product/3499/	Trust: 0.1
url:	http://secunia.com/product/451/	Trust: 0.1

sources: VULHUB: VHN-16446 // BID: 16309 // PACKETSTORM: 43189 // CNNVD: CNNVD-200601-264 // NVD: CVE-2006-0338

CREDITS

Thierry Zoller is credited with the discovery of these issues.

Trust: 0.9

sources: BID: 16309 // CNNVD: CNNVD-200601-264

SOURCES

db:	VULHUB	id:	VHN-16446
db:	BID	id:	16309
db:	PACKETSTORM	id:	43189
db:	CNNVD	id:	CNNVD-200601-264
db:	NVD	id:	CVE-2006-0338

LAST UPDATE DATE

2024-08-14T13:39:54.618000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-16446	date:	2017-07-20T00:00:00
db:	BID	id:	16309	date:	2006-02-07T20:54:00
db:	CNNVD	id:	CNNVD-200601-264	date:	2006-08-16T00:00:00
db:	NVD	id:	CVE-2006-0338	date:	2017-07-20T01:29:40.317

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-16446	date:	2006-01-21T00:00:00
db:	BID	id:	16309	date:	2006-01-19T00:00:00
db:	PACKETSTORM	id:	43189	date:	2006-01-19T17:33:40
db:	CNNVD	id:	CNNVD-200601-264	date:	2006-01-20T00:00:00
db:	NVD	id:	CVE-2006-0338	date:	2006-01-21T00:03:00