FKIE_CVE-2008-6085
Vulnerability from fkie_nvd - Published: 2009-02-06 11:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "B028C22E-399E-4A90-9673-64E4D510273E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6B8424-EED8-4A09-9A9C-FC5F76A9FAF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "1106DE08-DE9A-488B-8C5D-28E353CDEEEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:second:*:*:*:*:*",
"matchCriteriaId": "62204373-31FA-4F28-AA22-D4D6F3B80F9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "B47EC4EB-268A-4BB9-820D-AA3DB8D1A655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "4B68C319-313F-4CA5-9B37-D9860071E763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_citrix_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C3858F1-B23F-4E45-BD23-C8262AD37F50",
"versionEndIncluding": "7.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D0AD44-C784-4019-B92C-A368092C815C",
"versionEndIncluding": "7.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_microsoft_exchange:6.62:*:*:*:*:*:*:*",
"matchCriteriaId": "D622E750-A9AB-4EF3-BC2F-D7C3FFE8C961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_microsoft_exchange:7.00:*:*:*:*:*:*:*",
"matchCriteriaId": "85EEA770-211A-4568-BB9F-9FE76D7BFCB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_mimesweeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B6FA161-27C8-40A5-BAF7-4907D67E3C82",
"versionEndIncluding": "5.61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_windows_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF7866B-1F6D-49C8-8013-2A6974D42D95",
"versionEndIncluding": "8.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7D9F9488-8DA8-48A9-9A11-B5E0D7AA9A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8C775FD8-A757-41A6-BBC3-29BC9D2D12A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3E6352-6BF9-4FE6-A572-07A31972A28D",
"versionEndIncluding": "5.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "9523BF6D-AF64-4CFE-B017-695B6BB175C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.52:*:*:*:*:*:*:*",
"matchCriteriaId": "E77AB622-B899-46FD-9DFA-1964B57A9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.53:*:*:*:*:*:*:*",
"matchCriteriaId": "F8DB2DD7-86DC-440A-B8D9-0A84034E808F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD6D628-460F-4AF7-971E-401D58E48AF1",
"versionEndIncluding": "5.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "66AB396E-475C-404F-BEE1-66DE9C3A7555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:5.52:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E6FC4F-F768-43FF-9627-DF41CD7D799C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_client_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A5AE9AF-11E3-4CC5-BEE7-6ED5CF6FCEA5",
"versionEndIncluding": "7.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_client_security:7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8FC353-E7D7-4097-B206-C0ACB654E0E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_home_server_security:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "13A9FDBE-1AAD-435A-BECF-2871864EAFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_internet_gatekeeper_for_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4664D4A0-EB01-4274-9E1D-8EA5313F935A",
"versionEndIncluding": "2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_internet_gatekeeper_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C73ADB10-61D7-46E9-B293-1C798E297A5F",
"versionEndIncluding": "6.61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_internet_security:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "89DC5D86-0C4A-4F94-83A2-DB21B868ACCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C788A5AB-C847-476C-9767-C6711F2D4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "3972C7F1-8B78-4A5D-8A75-C6CA01E997DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:second:*:*:*:*:*",
"matchCriteriaId": "94858828-3626-4654-AB6A-597A49C79284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_internet_security:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "08ED9945-DC9F-4F4F-B2EB-B63986BCC7D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_internet_security:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "D77467E5-A143-4720-93EE-29B399417065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_linux_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6ED823-E3F3-4444-86B5-BBD6D711B5B9",
"versionEndIncluding": "7.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_messaging_security_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A5B1FA4-33A1-4EAD-A20F-C9A4AD64939C",
"versionEndIncluding": "5.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_messaging_security_gateway:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "25DB325A-39E6-4938-9761-D8DCD5A57C96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_protection_service_for_business:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2E6D2C-5520-41DE-AF1D-7E47F9A99CE7",
"versionEndIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_protection_service_for_business:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "6123A21D-BBB4-48D8-9701-7BFB637628C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C339068C-F74F-4B4B-AD15-09457CC85458",
"versionEndIncluding": "8.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:5.00:*:*:*:*:*:*:*",
"matchCriteriaId": "F11E5127-4DC8-48A4-9AF5-1C148B71C7E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:6.00:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB0D1BB-B119-4996-859A-39348AEF36B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:7.00:*:*:*:*:*:*:*",
"matchCriteriaId": "721447B1-F577-48AB-A312-34306C485866",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de entero en m\u00faltiples productos antivirus de F-Secure, incluyendo Internet Security 2006 hasta 2008, Anti-Virus 2006 hasta 2008, y otros, cuando ha sido configurado para escanear ficheros comprimidos internamente, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero comprimido RPM manipulado, lo que provocar\u00e1 un desbordamiento de b\u00fafer."
}
],
"id": "CVE-2008-6085",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-06T11:30:00.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32352"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.f-secure.com/security/fsc-2008-3.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31846"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021073"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2874"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.f-secure.com/security/fsc-2008-3.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46016"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…