certfr_avis - certa-2009-avi-465

CERTA-2009-AVI-465

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans les produits F-Secure permet de contourner le mécanisme de détection des codes malveillants.

Description

Une vulnérabilité a été découverte dans le traitement des fichiers au format PDF par les produits F-Secure. L'exploitation de cette vulnérabilité permet de contourner le mécanisme de détection des codes malveillants.

Solution

Le problème est corrigé via la mise à jour automatique des définitions de code malveillant. Néanmoins, pour les systèmes sur lesquels cette mise à jour est désactivé, ou pour ceux non connectés à l'Internet, cette opération doit être effectuée manuellement.

None

Impacted products

Vendor	Product	Description
N/A	N/A	F-Secure Anti-Virus for Linux Servers version 4.65 ;
N/A	N/A	solutions basées sur F-Secure Protection Service for Consumers versions 8.00 et antérieures ;
N/A	N/A	F-Secure Internet Gatekeeper for Linux Japanese versions 2.37 et antérieures ;
N/A	N/A	F-Secure Internet Gatekeeper for Linux versions 3.02 et antérieures ;
ESET	Security	F-Secure Linux Security versions 7.02 et antérieures ;
Microsoft	Windows	F-Secure Internet Gatekeeper for Windows versions 6.61 et antérieures ;
N/A	N/A	F-Secure Anti-Virus versions 2009 et antérieures ;
N/A	N/A	F-Secure Anti-Virus for Workstations versions 8.0 et antérieures ;
Microsoft	N/A	F-Secure Anti-Virus for Microsoft Exchange versions 8.00 et antérieures ;
ESET	Server Security	F-Secure Anti-Virus Linux Server Security versions 5.54 et antérieures ;
ESET	Server Security	F-Secure Home Server Security version 2009 ;
N/A	N/A	F-Secure Anti-Virus for MIMEsweeper versions 5.61 et antérieures.
ESET	Server Security	solutions basées sur F-Secure Protection Service for Business - E-mail and Server security versions 8.00 et antérieures ;
Citrix	N/A	F-Secure Anti-Virus for Citrix Servers versions 7.00 et antérieures ;
ESET	Internet Security	F-Secure Internet Security versions 2009 et antérieures ;
Microsoft	Windows	F-Secure Anti-Virus for Windows Servers versions 8.00 et antérieures ;
ESET	Security	F-Secure Client Security versions 8.01 et antérieures ;
ESET	Security	F-Secure Anti-Virus Linux Client Security versions 5.54 et antérieures ;
ESET	Security	solutions basées sur F-Secure Protection Service for Business - Workstation security versions 8.00 et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité FSC-2009-3 du 29 octobre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "F-Secure Anti-Virus for Linux Servers version 4.65 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "solutions bas\u00e9es sur F-Secure Protection Service for Consumers versions 8.00 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "F-Secure Internet Gatekeeper for Linux Japanese versions 2.37 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "F-Secure Internet Gatekeeper for Linux versions 3.02 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "F-Secure Linux Security versions 7.02 et ant\u00e9rieures ;",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "F-Secure Internet Gatekeeper for Windows versions 6.61 et ant\u00e9rieures ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "F-Secure Anti-Virus versions 2009 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "F-Secure Anti-Virus for Workstations versions 8.0 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "F-Secure Anti-Virus for Microsoft Exchange versions 8.00 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "F-Secure Anti-Virus Linux Server Security versions 5.54 et ant\u00e9rieures ;",
      "product": {
        "name": "Server Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "F-Secure Home Server Security version 2009 ;",
      "product": {
        "name": "Server Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "F-Secure Anti-Virus for MIMEsweeper versions 5.61 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "solutions bas\u00e9es sur F-Secure Protection Service for Business - E-mail and Server security versions 8.00 et ant\u00e9rieures ;",
      "product": {
        "name": "Server Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "F-Secure Anti-Virus for Citrix Servers versions 7.00 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "F-Secure Internet Security versions 2009 et ant\u00e9rieures ;",
      "product": {
        "name": "Internet Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "F-Secure Anti-Virus for Windows Servers versions 8.00 et ant\u00e9rieures ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "F-Secure Client Security versions 8.01 et ant\u00e9rieures ;",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "F-Secure Anti-Virus Linux Client Security versions 5.54 et ant\u00e9rieures ;",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "solutions bas\u00e9es sur F-Secure Protection Service for Business - Workstation security versions 8.00 et ant\u00e9rieures ;",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le traitement des fichiers au\nformat PDF par les produits F-Secure. L\u0027exploitation de cette\nvuln\u00e9rabilit\u00e9 permet de contourner le m\u00e9canisme de d\u00e9tection des codes\nmalveillants.\n\n## Solution\n\nLe probl\u00e8me est corrig\u00e9 via la mise \u00e0 jour automatique des d\u00e9finitions\nde code malveillant. N\u00e9anmoins, pour les syst\u00e8mes sur lesquels cette\nmise \u00e0 jour est d\u00e9sactiv\u00e9, ou pour ceux non connect\u00e9s \u00e0 l\u0027Internet,\ncette op\u00e9ration doit \u00eatre effectu\u00e9e manuellement.\n",
  "cves": [],
  "links": [],
  "reference": "CERTA-2009-AVI-465",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-10-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans les produits \u003cspan class=\"textit\"\u003eF-Secure\u003c/span\u003e\npermet de contourner le m\u00e9canisme de d\u00e9tection des codes malveillants.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits F-Secure",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FSC-2009-3 du 29 octobre 2009",
      "url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-3.html"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted