CVE-2008-6085

Description

Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.

Affected products

• F-Secure / f-secure_anti-virus7.02 – 7.02
• F-Secure / f-secure_anti-virus2006 – 2006
• F-Secure / f-secure_anti-virus2007 – 2007
• F-Secure / f-secure_anti-virus2007 – 2007
• F-Secure / f-secure_anti-virus2008 – 2008
• F-Secure / f-secure_anti-virus2009 – 2009
• F-Secure / f-secure_anti-virus_for_citrix_servers7.00
• F-Secure / f-secure_anti-virus_for_microsoft_exchange7.10
• F-Secure / f-secure_anti-virus_for_microsoft_exchange6.62 – 6.62
• F-Secure / f-secure_anti-virus_for_microsoft_exchange7.00 – 7.00
• F-Secure / f-secure_anti-virus_for_mimesweeper5.61
• F-Secure / f-secure_anti-virus_for_windows_servers8.00
• F-Secure / f-secure_anti-virus_for_workstations7.10 – 7.10
• F-Secure / f-secure_anti-virus_for_workstations7.11 – 7.11
• F-Secure / f-secure_anti-virus_linux_client_security5.54
• F-Secure / f-secure_anti-virus_linux_client_security5.30 – 5.30
• F-Secure / f-secure_anti-virus_linux_client_security5.52 – 5.52
• F-Secure / f-secure_anti-virus_linux_client_security5.53 – 5.53
• F-Secure / f-secure_anti-virus_linux_server_security5.54
• F-Secure / f-secure_anti-virus_linux_server_security5.30 – 5.30
• F-Secure / f-secure_anti-virus_linux_server_security5.52 – 5.52
• F-Secure / f-secure_client_security7.12
• F-Secure / f-secure_client_security7.11 – 7.11
• F-Secure / f-secure_home_server_security2009 – 2009
• F-Secure / f-secure_internet_gatekeeper_for_linux2.16
• F-Secure / f-secure_internet_gatekeeper_for_windows6.61
• F-Secure / f-secure_internet_security7.02 – 7.02
• F-Secure / f-secure_internet_security2006 – 2006
• F-Secure / f-secure_internet_security2007 – 2007
• F-Secure / f-secure_internet_security2007 – 2007
• F-Secure / f-secure_internet_security2008 – 2008
• F-Secure / f-secure_internet_security2009 – 2009
• F-Secure / f-secure_linux_security7.01
• F-Secure / f-secure_messaging_security_gateway5.0.4
• F-Secure / f-secure_messaging_security_gateway4.0.7 – 4.0.7
• F-Secure / f-secure_protection_service_for_business3.10
• F-Secure / f-secure_protection_service_for_business3.00 – 3.00
• F-Secure / f-secure_protection_service_for_consumers8.00
• F-Secure / f-secure_protection_service_for_consumers5.00 – 5.00
• F-Secure / f-secure_protection_service_for_consumers6.00 – 6.00
• F-Secure / f-secure_protection_service_for_consumers7.00 – 7.00

References

• MISChttp://www.securityfocus.com/bid/31846
• MISChttp://www.securitytracker.com/id?1021073
• MISChttp://www.f-secure.com/security/fsc-2008-3.shtml
• VENDOR_ADVISORYhttp://secunia.com/advisories/32352
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/2874
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/46016