Details of VAR-200802-0091

ID

VAR-200802-0091

CVE

CVE-2008-0792

TITLE

plural F-Secure Vulnerability that can prevent malware in anti-virus products

Trust: 0.8

sources: JVNDB: JVNDB-2008-002731

DESCRIPTION

Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive. F-Secure Anti-Virus is prone to a security bypass vulnerability. A remote attacker can bypass error checking with a well-crafted RAR program. Note: This vulnerability may be related to CVE-2008-0792. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: F-Secure Products CAB and RAR Archives Security Bypass SECUNIA ADVISORY ID: SA28919 VERIFY ADVISORY: http://secunia.com/advisories/28919/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote OPERATING SYSTEM: F-Secure Messaging Security Gateway P-Series http://secunia.com/product/8998/ F-Secure Messaging Security Gateway X-Series http://secunia.com/product/8997/ SOFTWARE: F-Secure Anti-Virus 2006 http://secunia.com/product/6882/ F-Secure Anti-Virus 2007 http://secunia.com/product/14374/ F-Secure Anti-Virus 2008 http://secunia.com/product/17554/ F-Secure Internet Security 2006 http://secunia.com/product/6883/ F-Secure Internet Security 2007 http://secunia.com/product/14375/ F-Secure Internet Security 2008 http://secunia.com/product/17555/ F-Secure Anti-Virus Client Security 6.x http://secunia.com/product/5786/ F-Secure Anti-Virus Client Security 7.x http://secunia.com/product/14381/ F-Secure Anti-Virus for Workstations 5.x http://secunia.com/product/457/ F-Secure Anti-Virus for Workstations 7.x http://secunia.com/product/14226/ F-Secure Anti-Virus Linux Client Security 5.x http://secunia.com/product/14377/ F-Secure Anti-Virus for Linux 4.x http://secunia.com/product/3165/ F-Secure Anti-Virus for Windows Servers 5.x http://secunia.com/product/452/ F-Secure Anti-Virus for Windows Servers 7.x http://secunia.com/product/14382/ F-Secure Anti-Virus Linux Server Security 5.x http://secunia.com/product/14376/ F-Secure Anti-Virus for Citrix Servers 5.x http://secunia.com/product/5198/ F-Secure Anti-Virus for Microsoft Exchange 6.x http://secunia.com/product/454/ F-Secure Anti-Virus for Microsoft Exchange 7.x http://secunia.com/product/14551/ F-Secure Internet Gatekeeper 6.x http://secunia.com/product/3339/ F-Secure Internet Gatekeeper for Linux 2.x http://secunia.com/product/4635/ F-Secure Anti-Virus for MIMEsweeper 5.x http://secunia.com/product/455/ DESCRIPTION: A vulnerability has been reported in various F-Secure products, which can be exploited by malware to bypass the scanning functionality. The vulnerability is caused due to an error in the handling of CAB and RAR files and can be exploited to bypass the anti-virus scanning functionality via a specially crafted CAB or RAR file. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: The vendor credits Thierry Zoller of n.runs AG. ORIGINAL ADVISORY: http://www.f-secure.com/security/fsc-2008-1.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-0792 // JVNDB: JVNDB-2008-002731 // BID: 85141 // VULHUB: VHN-30917 // PACKETSTORM: 63608

AFFECTED PRODUCTS

vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2008	Trust: 1.9
vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2007	Trust: 1.9
vendor:	f secure	model:	f-secure anti-virus for workstations	scope:	eq	version:	7.10	Trust: 1.9
vendor:	f secure	model:	f-secure anti-virus for workstations	scope:	eq	version:	5.44	Trust: 1.9
vendor:	f secure	model:	f-secure anti-virus for linux	scope:	eq	version:	4.65	Trust: 1.9
vendor:	f secure	model:	f-secure anti-virus client security	scope:	eq	version:	7.10	Trust: 1.9
vendor:	f secure	model:	f-secure anti-virus client security	scope:	eq	version:	7.01	Trust: 1.9
vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2006	Trust: 1.3
vendor:	f secure	model:	f-secure anti-virus linux client security	scope:	eq	version:	5.53	Trust: 1.3
vendor:	f secure	model:	f-secure anti-virus linux client security	scope:	eq	version:	5.52	Trust: 1.3
vendor:	f secure	model:	f-secure anti-virus for workstations	scope:	eq	version:	7.00	Trust: 1.3
vendor:	f secure	model:	f-secure anti-virus client security	scope:	eq	version:	6.04	Trust: 1.3
vendor:	f secure	model:	f-secure anti-virus client security	scope:	eq	version:	6.03	Trust: 1.3
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2008	Trust: 1.3
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2007	Trust: 1.3
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2006	Trust: 1.3
vendor:	f secure	model:	f-secure protection service for consumers	scope:	lte	version:	7.00	Trust: 1.0
vendor:	f secure	model:	f-secure protection service for business	scope:	lte	version:	3.00	Trust: 1.0
vendor:	f secure	model:	f-secure protection service for consumers	scope:	eq	version:	7.00	Trust: 0.9
vendor:	f secure	model:	f-secure protection service for business	scope:	eq	version:	3.00	Trust: 0.9
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2006 to 2008	Trust: 0.8
vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2006 to 2008	Trust: 0.8
vendor:	f secure	model:	f-secure internet security second edition	scope:	eq	version:	2007	Trust: 0.3
vendor:	f secure	model:	f-secure anti-virus second edition	scope:	eq	version:	2007	Trust: 0.3

sources: BID: 85141 // JVNDB: JVNDB-2008-002731 // CNNVD: CNNVD-200802-310 // NVD: CVE-2008-0792

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-0792
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2008-0792
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200802-310
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-30917
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2008-0792
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-30917
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-30917 // JVNDB: JVNDB-2008-002731 // CNNVD: CNNVD-200802-310 // NVD: CVE-2008-0792

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-30917 // JVNDB: JVNDB-2008-002731 // NVD: CVE-2008-0792

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200802-310

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200802-310

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002731

PATCH

title:

Security advisories

url:

http://www.f-secure.com/en/web/labs_global/security-advisories

Trust: 0.8

sources: JVNDB: JVNDB-2008-002731

EXTERNAL IDS

db:	NVD	id:	CVE-2008-0792	Trust: 2.8
db:	SECTRACK	id:	1019413	Trust: 2.0
db:	SECTRACK	id:	1019405	Trust: 2.0
db:	SECTRACK	id:	1019412	Trust: 2.0
db:	SECUNIA	id:	28919	Trust: 1.8
db:	VUPEN	id:	ADV-2008-0544	Trust: 1.7
db:	XF	id:	40480	Trust: 0.9
db:	JVNDB	id:	JVNDB-2008-002731	Trust: 0.8
db:	CNNVD	id:	CNNVD-200802-310	Trust: 0.6
db:	BID	id:	85141	Trust: 0.4
db:	VULHUB	id:	VHN-30917	Trust: 0.1
db:	PACKETSTORM	id:	63608	Trust: 0.1

sources: VULHUB: VHN-30917 // BID: 85141 // JVNDB: JVNDB-2008-002731 // PACKETSTORM: 63608 // CNNVD: CNNVD-200802-310 // NVD: CVE-2008-0792

REFERENCES

url:	http://www.f-secure.com/security/fsc-2008-1.shtml	Trust: 2.1
url:	http://www.securitytracker.com/id?1019405	Trust: 2.0
url:	http://www.securitytracker.com/id?1019412	Trust: 2.0
url:	http://www.securitytracker.com/id?1019413	Trust: 2.0
url:	http://secunia.com/advisories/28919	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2008/0544/references	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/40480	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/40480	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0792	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0792	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2008/0544/references	Trust: 0.6
url:	http://secunia.com/product/457/	Trust: 0.1
url:	http://secunia.com/product/454/	Trust: 0.1
url:	http://secunia.com/advisories/28919/	Trust: 0.1
url:	http://secunia.com/product/455/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/14377/	Trust: 0.1
url:	http://secunia.com/product/452/	Trust: 0.1
url:	http://secunia.com/product/6883/	Trust: 0.1
url:	http://secunia.com/product/5786/	Trust: 0.1
url:	https://psi.secunia.com/?page=changelog	Trust: 0.1
url:	http://secunia.com/product/14382/	Trust: 0.1
url:	http://secunia.com/product/3339/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/17554/	Trust: 0.1
url:	http://secunia.com/product/5198/	Trust: 0.1
url:	https://psi.secunia.com/	Trust: 0.1
url:	http://secunia.com/product/8997/	Trust: 0.1
url:	http://secunia.com/product/17555/	Trust: 0.1
url:	http://secunia.com/product/14374/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/6882/	Trust: 0.1
url:	http://secunia.com/product/8998/	Trust: 0.1
url:	http://secunia.com/product/14376/	Trust: 0.1
url:	http://secunia.com/product/14375/	Trust: 0.1
url:	http://secunia.com/product/3165/	Trust: 0.1
url:	http://secunia.com/product/4635/	Trust: 0.1
url:	http://secunia.com/product/14226/	Trust: 0.1
url:	http://secunia.com/product/14381/	Trust: 0.1
url:	http://secunia.com/product/14551/	Trust: 0.1

sources: VULHUB: VHN-30917 // BID: 85141 // JVNDB: JVNDB-2008-002731 // PACKETSTORM: 63608 // CNNVD: CNNVD-200802-310 // NVD: CVE-2008-0792

CREDITS

Unknown

Trust: 0.3

sources: BID: 85141

SOURCES

db:	VULHUB	id:	VHN-30917
db:	BID	id:	85141
db:	JVNDB	id:	JVNDB-2008-002731
db:	PACKETSTORM	id:	63608
db:	CNNVD	id:	CNNVD-200802-310
db:	NVD	id:	CVE-2008-0792

LAST UPDATE DATE

2024-11-23T21:56:57.136000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-30917	date:	2017-08-08T00:00:00
db:	BID	id:	85141	date:	2008-02-14T00:00:00
db:	JVNDB	id:	JVNDB-2008-002731	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200802-310	date:	2008-09-05T00:00:00
db:	NVD	id:	CVE-2008-0792	date:	2024-11-21T00:42:55.317

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-30917	date:	2008-02-15T00:00:00
db:	BID	id:	85141	date:	2008-02-14T00:00:00
db:	JVNDB	id:	JVNDB-2008-002731	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	63608	date:	2008-02-14T00:18:22
db:	CNNVD	id:	CNNVD-200802-310	date:	2008-02-14T00:00:00
db:	NVD	id:	CVE-2008-0792	date:	2008-02-15T02:00:00