Details of VAR-200802-0141

ID

VAR-200802-0141

CVE

CVE-2008-0910

TITLE

plural F-Secure Vulnerability that can prevent malware in anti-virus products

Trust: 0.8

sources: JVNDB: JVNDB-2008-002758

DESCRIPTION

Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive. NOTE: this might be related to CVE-2008-0792. The problem is CVE-2008-0792 May be related toSkillfully crafted by a third party RAR Malware may be avoided through the archive. F-Secure Anti-Virus is prone to a security bypass vulnerability. A remote attacker can bypass error checking with a well-crafted RAR program. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: F-Secure Products CAB and RAR Archives Security Bypass SECUNIA ADVISORY ID: SA28919 VERIFY ADVISORY: http://secunia.com/advisories/28919/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote OPERATING SYSTEM: F-Secure Messaging Security Gateway P-Series http://secunia.com/product/8998/ F-Secure Messaging Security Gateway X-Series http://secunia.com/product/8997/ SOFTWARE: F-Secure Anti-Virus 2006 http://secunia.com/product/6882/ F-Secure Anti-Virus 2007 http://secunia.com/product/14374/ F-Secure Anti-Virus 2008 http://secunia.com/product/17554/ F-Secure Internet Security 2006 http://secunia.com/product/6883/ F-Secure Internet Security 2007 http://secunia.com/product/14375/ F-Secure Internet Security 2008 http://secunia.com/product/17555/ F-Secure Anti-Virus Client Security 6.x http://secunia.com/product/5786/ F-Secure Anti-Virus Client Security 7.x http://secunia.com/product/14381/ F-Secure Anti-Virus for Workstations 5.x http://secunia.com/product/457/ F-Secure Anti-Virus for Workstations 7.x http://secunia.com/product/14226/ F-Secure Anti-Virus Linux Client Security 5.x http://secunia.com/product/14377/ F-Secure Anti-Virus for Linux 4.x http://secunia.com/product/3165/ F-Secure Anti-Virus for Windows Servers 5.x http://secunia.com/product/452/ F-Secure Anti-Virus for Windows Servers 7.x http://secunia.com/product/14382/ F-Secure Anti-Virus Linux Server Security 5.x http://secunia.com/product/14376/ F-Secure Anti-Virus for Citrix Servers 5.x http://secunia.com/product/5198/ F-Secure Anti-Virus for Microsoft Exchange 6.x http://secunia.com/product/454/ F-Secure Anti-Virus for Microsoft Exchange 7.x http://secunia.com/product/14551/ F-Secure Internet Gatekeeper 6.x http://secunia.com/product/3339/ F-Secure Internet Gatekeeper for Linux 2.x http://secunia.com/product/4635/ F-Secure Anti-Virus for MIMEsweeper 5.x http://secunia.com/product/455/ DESCRIPTION: A vulnerability has been reported in various F-Secure products, which can be exploited by malware to bypass the scanning functionality. The vulnerability is caused due to an error in the handling of CAB and RAR files and can be exploited to bypass the anti-virus scanning functionality via a specially crafted CAB or RAR file. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: The vendor credits Thierry Zoller of n.runs AG. ORIGINAL ADVISORY: http://www.f-secure.com/security/fsc-2008-1.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-0910 // JVNDB: JVNDB-2008-002758 // BID: 85119 // VULHUB: VHN-31035 // PACKETSTORM: 63608

AFFECTED PRODUCTS

vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2007	Trust: 1.9
vendor:	f secure	model:	f-secure anti-virus linux client security	scope:	eq	version:	5.53	Trust: 1.9
vendor:	f secure	model:	f-secure anti-virus linux client security	scope:	eq	version:	5.52	Trust: 1.9
vendor:	f secure	model:	f-secure anti-virus for workstations	scope:	eq	version:	7.10	Trust: 1.9
vendor:	f secure	model:	f-secure anti-virus for workstations	scope:	eq	version:	7.00	Trust: 1.9
vendor:	f secure	model:	f-secure anti-virus for workstations	scope:	eq	version:	5.44	Trust: 1.9
vendor:	f secure	model:	f-secure anti-virus for linux	scope:	eq	version:	4.65	Trust: 1.9
vendor:	f secure	model:	f-secure anti-virus client security	scope:	eq	version:	7.10	Trust: 1.9
vendor:	f secure	model:	f-secure anti-virus client security	scope:	eq	version:	7.01	Trust: 1.9
vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2008	Trust: 1.3
vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2006	Trust: 1.3
vendor:	f secure	model:	f-secure anti-virus client security	scope:	eq	version:	6.04	Trust: 1.3
vendor:	f secure	model:	f-secure anti-virus client security	scope:	eq	version:	6.03	Trust: 1.3
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2008	Trust: 1.3
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2007	Trust: 1.3
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2006	Trust: 1.3
vendor:	f secure	model:	f-secure protection service for consumers	scope:	lte	version:	7.00	Trust: 1.0
vendor:	f secure	model:	f-secure protection service for business	scope:	lte	version:	3.00	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2006 to 2008	Trust: 0.8
vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2006 to 2008	Trust: 0.8
vendor:	f secure	model:	f-secure protection service for consumers	scope:	eq	version:	7.00	Trust: 0.3
vendor:	f secure	model:	f-secure protection service for business	scope:	eq	version:	3.00	Trust: 0.3
vendor:	f secure	model:	f-secure internet security second edition	scope:	eq	version:	2007	Trust: 0.3
vendor:	f secure	model:	f-secure anti-virus second edition	scope:	eq	version:	2007	Trust: 0.3

sources: BID: 85119 // JVNDB: JVNDB-2008-002758 // CNNVD: CNNVD-200802-427 // NVD: CVE-2008-0910

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-0910
value:	HIGH
Trust: 1.0
NVD:	CVE-2008-0910
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200802-427
value:	HIGH
Trust: 0.6
VULHUB:	VHN-31035
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2008-0910
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-31035
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-31035 // JVNDB: JVNDB-2008-002758 // CNNVD: CNNVD-200802-427 // NVD: CVE-2008-0910

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-31035 // JVNDB: JVNDB-2008-002758 // NVD: CVE-2008-0910

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200802-427

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200802-427

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002758

PATCH

title:

Security advisories

url:

http://www.f-secure.com/en/web/labs_global/security-advisories

Trust: 0.8

sources: JVNDB: JVNDB-2008-002758

EXTERNAL IDS

db:	NVD	id:	CVE-2008-0910	Trust: 2.8
db:	SECTRACK	id:	1019413	Trust: 2.0
db:	SECTRACK	id:	1019405	Trust: 2.0
db:	SECTRACK	id:	1019412	Trust: 2.0
db:	SECUNIA	id:	28919	Trust: 1.8
db:	VUPEN	id:	ADV-2008-0544	Trust: 1.7
db:	XF	id:	40480	Trust: 0.9
db:	JVNDB	id:	JVNDB-2008-002758	Trust: 0.8
db:	CNNVD	id:	CNNVD-200802-427	Trust: 0.7
db:	BID	id:	85119	Trust: 0.4
db:	VULHUB	id:	VHN-31035	Trust: 0.1
db:	PACKETSTORM	id:	63608	Trust: 0.1

sources: VULHUB: VHN-31035 // BID: 85119 // JVNDB: JVNDB-2008-002758 // PACKETSTORM: 63608 // CNNVD: CNNVD-200802-427 // NVD: CVE-2008-0910

REFERENCES

url:	http://www.f-secure.com/security/fsc-2008-1.shtml	Trust: 2.1
url:	http://www.securitytracker.com/id?1019405	Trust: 2.0
url:	http://www.securitytracker.com/id?1019412	Trust: 2.0
url:	http://www.securitytracker.com/id?1019413	Trust: 2.0
url:	http://secunia.com/advisories/28919	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2008/0544/references	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/40480	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/40480	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0910	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0910	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2008/0544/references	Trust: 0.6
url:	http://secunia.com/product/457/	Trust: 0.1
url:	http://secunia.com/product/454/	Trust: 0.1
url:	http://secunia.com/advisories/28919/	Trust: 0.1
url:	http://secunia.com/product/455/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/14377/	Trust: 0.1
url:	http://secunia.com/product/452/	Trust: 0.1
url:	http://secunia.com/product/6883/	Trust: 0.1
url:	http://secunia.com/product/5786/	Trust: 0.1
url:	https://psi.secunia.com/?page=changelog	Trust: 0.1
url:	http://secunia.com/product/14382/	Trust: 0.1
url:	http://secunia.com/product/3339/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/17554/	Trust: 0.1
url:	http://secunia.com/product/5198/	Trust: 0.1
url:	https://psi.secunia.com/	Trust: 0.1
url:	http://secunia.com/product/8997/	Trust: 0.1
url:	http://secunia.com/product/17555/	Trust: 0.1
url:	http://secunia.com/product/14374/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/6882/	Trust: 0.1
url:	http://secunia.com/product/8998/	Trust: 0.1
url:	http://secunia.com/product/14376/	Trust: 0.1
url:	http://secunia.com/product/14375/	Trust: 0.1
url:	http://secunia.com/product/3165/	Trust: 0.1
url:	http://secunia.com/product/4635/	Trust: 0.1
url:	http://secunia.com/product/14226/	Trust: 0.1
url:	http://secunia.com/product/14381/	Trust: 0.1
url:	http://secunia.com/product/14551/	Trust: 0.1

sources: VULHUB: VHN-31035 // BID: 85119 // JVNDB: JVNDB-2008-002758 // PACKETSTORM: 63608 // CNNVD: CNNVD-200802-427 // NVD: CVE-2008-0910

CREDITS

Unknown

Trust: 0.3

sources: BID: 85119

SOURCES

db:	VULHUB	id:	VHN-31035
db:	BID	id:	85119
db:	JVNDB	id:	JVNDB-2008-002758
db:	PACKETSTORM	id:	63608
db:	CNNVD	id:	CNNVD-200802-427
db:	NVD	id:	CVE-2008-0910

LAST UPDATE DATE

2024-11-23T21:56:57.172000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-31035	date:	2017-08-08T00:00:00
db:	BID	id:	85119	date:	2008-02-22T00:00:00
db:	JVNDB	id:	JVNDB-2008-002758	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200802-427	date:	2008-09-05T00:00:00
db:	NVD	id:	CVE-2008-0910	date:	2024-11-21T00:43:12.243

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-31035	date:	2008-02-22T00:00:00
db:	BID	id:	85119	date:	2008-02-22T00:00:00
db:	JVNDB	id:	JVNDB-2008-002758	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	63608	date:	2008-02-14T00:18:22
db:	CNNVD	id:	CNNVD-200802-427	date:	2008-02-22T00:00:00
db:	NVD	id:	CVE-2008-0910	date:	2008-02-22T22:44:00