F-Secure web console buffer overflow - SANS Internet Storm Center

SANS ISC: F-Secure web console buffer overflow - SANS Internet Storm Center

SANS Site Network
- Current Site
- SANS Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- DFIR
- Software Security
- Government OnSite Training

SANS ISC InfoSec Forums

F-Secure web console buffer overflow

The folks at F-Secure issued a bulletin today highlighting a buffer overflow in the web console feature of F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper. F-Secure rates this vulnerability as high in the cases where the web console is configured to only allow connections from localhost or specific trusted hosts and critical if configured to allow connections from all hosts. They have released patches, the table below is taken directly from their advisory.

Patch availability:

Product	Versions	Hotfix ID	Download
F-Secure Anti-Virus for Microsoft Exchange	6.40	Apply hotfix for F-Secure Anti-Virus for Microsoft Exchange 6.40: ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse640-05.zip
F-Secure Internet Gatekeeper	6.50	Upgrade to F-Secure Internet Gatekeeper 6.60 or Apply hotfix for the F-Secure Internet Gatekeeper 6.50: ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk650-01.zip
F-Secure Internet Gatekeeper	6.42, 6.41, 6.40	Upgrade to F-Secure Internet Gatekeeper 6.60