F-Secure Products Zip Archive Virus Detection Bypass Vulnerability

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

A vulnerability has been reported in various F-Secure products, which
can be exploited by malware to bypass certain scanning functionality.

The vulnerability is caused due to an error when parsing “.zip”
archives and can be exploited via a specially crafted “.zip” archive,
which the scanner incorrectly calculates be of zero length.

Successful exploitation causes malware in a specially crafted “.zip”
archive to bypass the scanning functionality.

NOTE: This is not a critical issue on client systems, as the malware
still is detected when it is extracted.

The vulnerability affects the following products:
* F-Secure Internet Security 2004 and 2005
* F-Secure Anti-Virus 2004 and 2005
* F-Secure Anti-Virus for Workstation version 5.43 and earlier
* F-Secure Anti-Virus for Windows Servers version 5.50 and earlier
* F-Secure Anti-Virus for Linux Workstations version 4.52 and
earlier
* F-Secure Anti-Virus for Linux Servers version 4.61 and earlier
* F-Secure Anti-Virus for Samba Servers version 4.60
* F-Secure Anti-Virus Linux Client Security 5.00
* F-Secure Anti-Virus for MIMEsweeper version 5.50 and earlier
* F-Secure Anti-Virus Client Security version 5.55 and earlier
* F-Secure Internet Gatekeeper version 6.41 and earlier
* F-Secure Anti-Virus for Firewalls version 6.20 and earlier
* F-Secure Anti-Virus for MS Exchange version 6.31 and earlier
* F-Secure Anti-Virus for MS Exchange version 6.01 and earlier
* F-Secure Anti-Virus for Linux Gateways version 4.61 and earlier
* F-Secure Internet Gatekeeper for Linux 2.06 and earlier
* F-Secure Anti-Virus Linux Server Security 5.00
* Solutions based on F-Secure Personal Express version 5.00 and
earlier

SOLUTION:
See patch matrix in original advisory.

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://www.f-secure.com/security/fsc-2004-3.shtml