Internet Security - F-Secure
BUY ONLINE
PRODUCTS
SUPPORT
DOWNLOADS
PRESS & NEWS
WEBLOG
CONTACTS

F-Secure Security Bulletin FSC-2005-2
Limited Directory Traversal Vulnerability in F-Secure Anti-Virus for
Microsoft Exchange and F-Secure Internet Gatekeeper

Date issued 2005-11-02
Risk factor Low/Medium (Low/Medium/High/Critical)
Brief description A limited directory traversal vulnerability can be exploited by bypassing the Web Console authentication. It is possible to gain a read access to a file on the local disk from allowed hosts. By default the connections are only allowed from the local host.

To solve the problem apply the appropriate hotfix.
Software F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper
Affected versions F-Secure Anti-Virus for Microsoft Exchange 6.40
F-Secure Internet Gatekeeper 6.42, 6.41, 6.40
Affected platforms All platforms supported by the affected products
Issue: A limited directory traversal vulnerability can be exploited by bypassing the Web Console authentication. It is possible to gain a read access to a file on the local disk from allowed hosts. By default the connections are only allowed from the local host.

To solve the problem apply the appropriate hotfix.

Products: F-Secure Anti-Virus for Microsoft Exchange 6.40
F-Secure Internet Gatekeeper 6.42
Scenario 1: Default configuration. Web Console is configured by default to accept connections only from the local host.
Risk Factor: Low

There is a possibility to exploit the limited directory traversal vulnerability from the local host.

To solve the problem apply the appropriate hotfix.

Scenario 2: If Web Console is configured to allow connections from specific/trusted hosts.
Risk Factor: Low

There is a possibility to exploit the limited directory traversal vulnerability from those hosts that the connections are allowed from.

To solve the problem apply the appropriate hotfix.

Scenario 3: If the Web Console is configured to allow connections from all hosts.
Risk Factor: Medium

There is a possibility to exploit the limited directory traversal vulnerability from all hosts.

To solve the problem apply the appropriate hotfix.

Products: F-Secure Internet Gatekeeper 6.41, 6.40
Risk Factor: Low

These versions contain the vulnerability but upgrading to the latest released versions and applying the hotfix will solve the issue.

F-Secure recommends upgrading to the latest released versions of the products: F-Secure Anti-Virus for Microsoft Exchange 6.40 and F-Secure Internet Gatekeeper 6.42.

Mitigating Factors:
  • This is not considered to be a major issue because Web Console for F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper are configured by default to accept local host connections only meaning that it is possible to access the Web Console only from the local machine.
  • It is not possible to browse the file system. The attacker must be aware of the path and the file name to be able to access a file.
  • The access rights gained are very limited. It is possible to gain only a read access to a file on the local disk.
Patch Availability:
ProductVersionsHotfix IDDownload
F-Secure Anti-Virus for Microsoft Exchange 6.40 Hotfix for F-Secure Anti-Virus for Microsoft Exchange 6.40:
ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse640-01.zip
 
F-Secure Internet Gatekeeper 6.42 Hotfix for the F-Secure Internet Gatekeeper 6.42:
ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk642-01.zip
 
F-Secure Internet Gatekeeper 6.41,
6.40		 Upgrade: F-Secure Internet Gatekeeper 6.42:
http://www.f-secure.com/anti-virus/webclub/fsigk.shtml

AND

Hotfix: see above.
 
Credits: We thank Mikko Korppi for bringing this issue to our attention.
Revision History: FSC-2005-2 - 2005-11-02

Contact Information:
Support:  http://support.f-secure.com/enu/home/contactus/
Security: http://www.f-secure.com/security/
URL:       http://www.f-secure.com/
Last modified:  20-Jan-2006