CERTA-2004-AVI-380
Vulnerability from certfr_avis
None
Description
Une vulnérabilité dans le traitement des archives au format ZIP permet à un programme malicieux, contenu à l'intérieur d'une archive au format ZIP habilement constituée, de ne pas être analysé et détecté.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | F-Secure Anti-Virus for Linux Servers version 4.61 et versions précédentes ; | ||
| N/A | N/A | F-Secure Personal Express version 5.00 et versions précédentes ; | ||
| ESET | Security | F-Secure Anti-Virus Linux Client Security version 5.00 et versions précédentes ; | ||
| Samba | N/A | F-Secure Internet Gatekeeper for Linux version 2.06 et versions précédentes. | ||
| N/A | N/A | F-Secure Anti-Virus for Firewalls version 6.20 et versions précédentes ; | ||
| Microsoft | Windows | F-Secure Anti-Virus for Windows Servers version 5.50 et versions précédentes ; | ||
| Samba | N/A | F-Secure Anti-Virus for Linux Workstations version 4.52 et versions précédentes ; | ||
| N/A | N/A | F-Secure Internet Gatekeeper version 6.41 et versions précédentes ; | ||
| ESET | Security | F-Secure Anti-Virus Client Security version 5.55 et versions précédentes ; | ||
| Samba | N/A | F-Secure Anti-Virus for MS Exchange version 6.01 et versions précédentes ; | ||
| Samba | N/A | F-Secure Anti-Virus 2004 et 2005 ; | ||
| ESET | Server Security | F-Secure Anti-Virus Linux Server Security version 5.00 et versions précédentes ; | ||
| Samba | N/A | F-Secure Anti-Virus for Samba Servers version 4.60 et versions précédentes ; | ||
| N/A | N/A | F-Secure Anti-Virus for MIMEsweeper version 5.50 et versions précédentes ; | ||
| N/A | N/A | F-Secure Anti-Virus for MS Exchange version 6.31 et versions précédentes ; | ||
| N/A | N/A | F-Secure Anti-Virus for Workstation version 5.43 et versions précédentes ; | ||
| ESET | Internet Security | F-Secure Internet Security 2004 et 2005 ; | ||
| Samba | N/A | F-Secure Anti-Virus for Linux Gateways version 4.61 et versions précédentes ; |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F-Secure Anti-Virus for Linux Servers version 4.61 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Personal Express version 5.00 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Client Security version 5.00 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper for Linux version 2.06 et versions pr\u00e9c\u00e9dentes.",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Firewalls version 6.20 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Windows Servers version 5.50 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Linux Workstations version 4.52 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper version 6.41 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Client Security version 5.55 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for MS Exchange version 6.01 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus 2004 et 2005 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Server Security version 5.00 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Samba Servers version 4.60 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for MIMEsweeper version 5.50 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for MS Exchange version 6.31 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Workstation version 5.43 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security 2004 et 2005 ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Linux Gateways version 4.61 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le traitement des archives au format ZIP permet \u00e0\nun programme malicieux, contenu \u00e0 l\u0027int\u00e9rieur d\u0027une archive au format\nZIP habilement constitu\u00e9e, de ne pas \u00eatre analys\u00e9 et d\u00e9tect\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. Documentation).\n",
"cves": [],
"initial_release_date": "2004-11-24T00:00:00",
"last_revision_date": "2004-11-24T00:00:00",
"links": [
{
"title": "Site Internet de F-Secure :",
"url": "http://www.f-secure.com"
}
],
"reference": "CERTA-2004-AVI-380",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2004-11-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9 de l\u0027antivirus F-Secure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure FSC-2004-3",
"url": "http://www.f-secure.com/security/fsc-2004-3.shtml"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…