Summary
| Detail | |||
|---|---|---|---|
| Vendor | F-Secure | First view | 2004-09-09 |
| Product | Internet Gatekeeper | Last view | 2022-03-01 |
| Version | 6.3 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:f-secure:internet_gatekeeper | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.5 | 2022-03-01 | CVE-2021-44747 | A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. |
| 5.3 | 2022-02-09 | CVE-2021-40837 | A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. |
| 5.5 | 2020-02-22 | CVE-2020-9342 | The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper. |
| 5 | 2010-04-15 | CVE-2010-1425 | F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client Security 9 and earlier; and various Anti-Virus products for Windows, Linux, and Citrix; does not properly detect malware in crafted (1) 7Z, (2) GZIP, (3) CAB, or (4) RAR archives, which makes it easier for remote attackers to avoid detection. |
| 6.8 | 2009-05-22 | CVE-2009-1782 | Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive. |
| 9.3 | 2007-06-20 | CVE-2007-3300 | Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive. |
| 10 | 2007-05-31 | CVE-2007-2967 | Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files. |
| 7.5 | 2007-05-31 | CVE-2007-2966 | Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335. |
| 7.2 | 2007-05-31 | CVE-2007-2965 | Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space." |
| 7.5 | 2006-01-20 | CVE-2006-0337 | Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives. |
| 7.5 | 2005-05-02 | CVE-2005-0350 | Heap-based buffer overflow in multiple F-Secure Anti-Virus and Internet Security products allows remote attackers to execute arbitrary code via a crafted ARJ archive. |
| 5 | 2004-12-31 | CVE-2004-2442 | Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system. |
| 6.4 | 2004-12-31 | CVE-2004-2405 | Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive. |
| 7.5 | 2004-10-20 | CVE-2004-0162 | Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients. |
| 7.5 | 2004-10-20 | CVE-2004-0161 | Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use RFC2231 encoding, which may be interpreted differently by mail clients. |
| 7.5 | 2004-10-20 | CVE-2004-0053 | Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use fields that use RFC2047 encoding, which may be interpreted differently by mail clients. |
| 7.5 | 2004-10-20 | CVE-2004-0052 | Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard separator characters, or use standard separators incorrectly, within MIME headers, fields, parameters, or values, which may be interpreted differently by mail clients. |
| 7.5 | 2004-10-20 | CVE-2004-0051 | Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard but frequently supported Content-Transfer-Encoding values such as (1) uuencode, (2) mac-binhex40, and (3) yenc, which may be interpreted differently by mail clients. |
| 7.5 | 2004-10-20 | CVE-2003-1016 | Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use malformed quoting in MIME headers, parameters, and values, including (1) fields that should not be quoted, (2) duplicate quotes, or (3) missing leading or trailing quote characters, which may be interpreted differently by mail clients. |
| 7.5 | 2004-10-20 | CVE-2003-1015 | Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use whitespace in an unusual fashion, which may be interpreted differently by mail clients. |
| 5 | 2004-09-09 | CVE-2004-0830 | The Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchange 6.21 and earlier, F-Secure Anti-Virus for Microsoft Exchange 6.01 and earlier, and F-Secure Internet Gatekeeper 6.32 and earlier allow remote attackers to cause a denial of service (service crash due to unhandled exception) via a certain malformed packet. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (1) | CWE-436 | Interpretation Conflict |
| 33% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 33% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 63811 | F-Secure Multiple Products Multiple Archive Files Detection Bypass |
| 54686 | F-Secure Multiple Products RAR Archive Scanning Bypass |
| 54685 | F-Secure Multiple Products ZIP Archive Scanning Bypass |
| 36729 | F-Secure Anti-Virus Crafted RAR File Scanning Bypass |
| 36728 | F-Secure Anti-Virus Crafted LHA File Scanning Bypass |
| 36727 | F-Secure Multiple Products Real-time Scanning Component Crafted IRP Packet L... |
| 36726 | F-Secure Anti-Virus FSG File Handling DoS |
| 36725 | F-Secure Anti-Virus ARJ File Handling DoS |
| 36724 | F-Secure Anti-Virus LHA Decompresion Component File Handling Overflow |
| 22632 | F-Secure Anti-Virus ZIP Archive Processing Overflow |
| 16037 | Multiple Content Monitor Software Malformed Whitespace MIME Message Filter By... |
| 16036 | Multiple Content Monitor Software RFC2047 MIME Message Filter Bypass |
| 16035 | Multiple Content Monitor Software RFC822 Comment Field MIME Encapsulation Fil... |
| 13704 | F-Secure Multiple Products ARJ Archive Handling Overflow |
| 10963 | Multiple Anti-Virus Zero Compressed Size Header Detection Bypass |
| 10917 | Multiple Content Monitor Software RFC2231 Encoding Filter Bypass |
| 10916 | Multiple Content Monitor Software Multiple Content-Transfer-Encoding Value By... |
| 10915 | Multiple Content Monitor Software Malformed MIME Header Bypass |
| 10343 | Multiple Content Monitor Software MIME Decoding Malformed Separators Filter B... |
| 9818 | F-Secure Anti-Virus For Microsoft Exchange Content Scanner Server Exception H... |
| 9790 | F-Secure Internet Gatekeeper Content Scanner Server Exception Handling DoS |
| 6423 | F-Secure Anti-Virus Products LHA Archive Processing Overflow |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-06-17 | Name : F-Secure Products Security Bypass Vulnerability (Linux) File : nvt/secpod_fsecure_prdts_sec_bypass_vuln_lin.nasl |
| 2009-06-17 | Name : F-Secure Products Malware Detection Bypass Vulnerability (Win) File : nvt/secpod_fsecure_prdts_sec_bypass_vuln_win.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | F-Secure AntiVirus library heap overflow attempt RuleID : 15583 - Type : FILE-OTHER - Revision : 10 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2010-04-14 | Name: An antivirus application installed on the remote host is affected by a scan e... File: fsecure_fsc_2010_01.nasl - Type: ACT_GATHER_INFO |
| 2009-05-10 | Name: An antivirus application installed on the remote host is affected by a scan e... File: fsecure_fsc_2009_01.nasl - Type: ACT_GATHER_INFO |
| 2006-01-24 | Name: An antivirus application installed on the remote host is affected by multiple... File: fsecure_archive_overflows.nasl - Type: ACT_GATHER_INFO |
| 2004-11-02 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2004-118.nasl - Type: ACT_GATHER_INFO |
