CVE-2004-2442
CVSS5.0
发布时间 :2004-12-31 00:00:00
修订时间 :2008-09-05 16:44:09
NMC    

[原文]Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system.


[CNNVD]F-Secure Anti-Virus ZIP Archive Scanner绕过漏洞(CNNVD-200412-1124)

        各种各样的F-Secure Anti-Virus产品包含Workstation 5.43及其早期版本,Windows Servers 5.50及其早期版本,MIMEsweeper 5.50及其早期版本,Linux Servers和 Gateways的Anti-Virus 4.61及其早期版本,和其他产品存在多个解释错误。远程攻击者借助带有局部和总体头文件调到零的压缩文件绕过病毒保护。该漏洞不能阻止压缩文件在目标系统上被打开。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:f-secure:internet_gatekeeper:6.3
cpe:/a:f-secure:f-secure_personal_express:4.6
cpe:/a:f-secure:f-secure_personal_express:4.5
cpe:/a:f-secure:f-secure_anti-virus:4.51::linux_workstations
cpe:/a:f-secure:f-secure_anti-virus:5.43::workstations
cpe:/a:f-secure:f-secure_anti-virus:4.51::linux_servers
cpe:/a:f-secure:f-secure_anti-virus:5.0::linux_server_security
cpe:/a:f-secure:f-secure_anti-virus:5.42::windows_servers
cpe:/a:f-secure:f-secure_anti-virus:5.42::workstations
cpe:/a:f-secure:f-secure_anti-virus:5.0::linux_client_security
cpe:/a:f-secure:f-secure_anti-virus:2004
cpe:/a:f-secure:f-secure_anti-virus:4.61::linux_servers
cpe:/a:f-secure:f-secure_anti-virus:6.30_sr1::ms_exchange
cpe:/a:f-secure:f-secure_anti-virus:6.01::ms_exchange
cpe:/a:f-secure:f-secure_anti-virus:2005
cpe:/a:f-secure:f-secure_internet_security:2005
cpe:/a:f-secure:f-secure_anti-virus:4.52::linux_servers
cpe:/a:f-secure:internet_gatekeeper:2.6::linux
cpe:/a:f-secure:f-secure_anti-virus:6.2::ms_exchange
cpe:/a:f-secure:f-secure_anti-virus:5.55::client_security
cpe:/a:f-secure:f-secure_anti-virus:5.41::windows_servers
cpe:/a:f-secure:f-secure_anti-virus:5.5::client_security
cpe:/a:f-secure:internet_gatekeeper:6.31
cpe:/a:f-secure:internet_gatekeeper:6.32
cpe:/a:f-secure:f-secure_personal_express:4.7
cpe:/a:f-secure:f-secure_anti-virus:5.41::mimesweeper
cpe:/a:f-secure:f-secure_internet_security:2004
cpe:/a:f-secure:f-secure_anti-virus:4.52::linux_workstations
cpe:/a:f-secure:f-secure_personal_express:5.0
cpe:/a:f-secure:f-secure_anti-virus:4.52::linux_gateways
cpe:/a:f-secure:f-secure_anti-virus:5.42::mimesweeper
cpe:/a:f-secure:f-secure_anti-virus:5.41::workstations
cpe:/a:f-secure:f-secure_anti-virus:5.5::mimesweeper
cpe:/a:f-secure:f-secure_anti-virus:4.51::linux_gateways
cpe:/a:f-secure:f-secure_anti-virus:6.21::ms_exchange
cpe:/a:f-secure:f-secure_anti-virus:6.31::ms_exchange
cpe:/a:f-secure:f-secure_anti-virus:5.5::windows_servers
cpe:/a:f-secure:f-secure_anti-virus:4.61::linux_gateways
cpe:/a:f-secure:internet_gatekeeper:6.41
cpe:/a:f-secure:internet_gatekeeper:6.4
cpe:/a:f-secure:f-secure_for_firewalls:6.20
cpe:/a:f-secure:f-secure_anti-virus:5.52::client_security
cpe:/a:f-secure:f-secure_anti-virus:6.30::ms_exchange
cpe:/a:f-secure:f-secure_anti-virus:4.60::samba_servers

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2442
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2442
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-1124
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/968818
(VENDOR_ADVISORY)  CERT-VN  VU#968818
http://xforce.iss.net/xforce/xfdb/18217
(PATCH)  XF  fsecure-zip-scan-bypass(18217)
http://www.securityfocus.com/bid/11732
(PATCH)  BID  11732
http://www.f-secure.com/security/fsc-2004-3.shtml
(VENDOR_ADVISORY)  CONFIRM  http://www.f-secure.com/security/fsc-2004-3.shtml
http://secunia.com/advisories/13263/
(PATCH)  SECUNIA  13263
http://www.ciac.org/ciac/bulletins/p-041.shtml
(VENDOR_ADVISORY)  CIAC  P-041

- 漏洞信息

F-Secure Anti-Virus ZIP Archive Scanner绕过漏洞
中危 其他
2004-12-31 00:00:00 2006-08-16 00:00:00
远程  
        各种各样的F-Secure Anti-Virus产品包含Workstation 5.43及其早期版本,Windows Servers 5.50及其早期版本,MIMEsweeper 5.50及其早期版本,Linux Servers和 Gateways的Anti-Virus 4.61及其早期版本,和其他产品存在多个解释错误。远程攻击者借助带有局部和总体头文件调到零的压缩文件绕过病毒保护。该漏洞不能阻止压缩文件在目标系统上被打开。

- 公告与补丁

        The vendor has released updates to address this vulnerability. A hotfix for F-Secure Internet Security 2004 and 2005, Anti-Virus 2004 and 2005, and Personal Express 5.00 and earlier is downloaded by these products automatically. Other fixes are available; please see the referenced advisory for further information in regard to obtaining and applying appropriate fixes.
        F-Secure Internet Gatekeeper for Linux 2.6
        
        F-Secure Anti-Virus for Linux Gateways 4.61
        
        
        F-Secure Anti-Virus Client Security 5.50
        
        F-Secure Anti-Virus Client Security 5.52
        
        F-Secure Anti-Virus Client Security 5.55
        
        F-Secure Anti-Virus for MS Exchange 6.0 1
        
        F-Secure F-Secure for Firewalls 6.20
        
        F-Secure Anti-Virus for MS Exchange 6.31
        
        F-Secure Internet Gatekeeper 6.41
        
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站