=====================================================================
                                   CERT-Renater

                        Information Note No. 2010/VULN540
_____________________________________________________________________

DATE                      : 16/12/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running
                             Solutions based on F-Secure Protection Service
                              for Consumers version 9,
                             Solutions based on F-Secure Protection Service
                              for Business - Workstation security version 9,
                             Solutions based on F-Secure Protection Service
                              for Business - Email and Server Security version 9,
                             Solutions based on F-Secure Protection Service
                              for Business - Server Security version 9,
                             F-Secure Internet Security 2010 and 2011,
                             F-Secure Anti-Virus 2010 and 2011,
                             F-Secure Client Security 9.00-9.01,
                             F-Secure Anti-Virus for Workstations 9.00-9.01,
                             F-Secure Anti-Virus for Windows Servers 9.00,
                             F-Secure Anti-Virus for Citrix Servers 9.00.

======================================================================
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-4.html
______________________________________________________________________

Security Advisory FSC-2010-4

Binary planting vulnerability

Date issued 	2010-12-15
Last updated 	2010-12-15
Risk level 	High (Low/Medium/High/Critical)

Brief description 	
Under certain circumstances, an attacker can trick the system into
executing a binary file that has been planted on a disk resource that
the computer can access.

Mitigating factors 	
- A fix for the problem has been distributed through the update channel
for some of the affected products, in which case no end-user action
is required.

- Exploiting the vulnerability requires the ability to write a file
to a disk resource accessible by the target system.

Affected platforms 	All platforms supported by the affected products.

Products 	
Solutions based on F-Secure Protection Service for Consumers version 9
Solutions based on F-Secure Protection Service for Business - Workstation security version 9
Solutions based on F-Secure Protection Service for Business - Email and Server Security version 9
Solutions based on F-Secure Protection Service for Business - Server Security version 9
F-Secure Internet Security 2010 and 2011
F-Secure Anti-Virus 2010 and 2011

Risk level 	High (Low/Medium/High/Critical)

Notes 	
These products are affected by the vulnerability, but the needed
hotfix is distributed automatically by the update system. End users
do not need to take any action.

Products 	
F-Secure Client Security 9.00-9.01
F-Secure Anti-Virus for Workstations 9.00-9.01
F-Secure Anti-Virus for Windows Servers 9.00
F-Secure Anti-Virus for Citrix Servers 9.00

Risk level 	High (Low/Medium/High/Critical)

Notes 	
These products are affected by the vulnerability.
Administrators should download and apply the hotfixes listed
below.

Advisory location 	
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-4.html

Product 	Versions 	Download
Solutions based on F-Secure Protection Service for Consumers 	9 	Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
Solutions based on F-Secure Protection Service for Business - Workstation security 	9 	Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
Solutions based on F-Secure Protection Service for Business - Email and Server Security 	9 	Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
Solutions based on F-Secure Protection Service for Business - Server Security 	9 	Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
F-Secure Internet Security 	2010 and 2011 	Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
F-Secure Anti-Virus 	2010 and 2011 	Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled.
F-Secure Client Security 	9.00-9.01 	
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVCS900-HF02-signed.fsfix (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVCS900-HF02-signed.jar (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVCS901-HF08-signed.fsfix (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVCS901-HF08-signed.jar (5065 KB)

F-Secure Anti-Virus for Workstations 	9.00-9.01 	
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVWKS900-HF01-signed.fsfix (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVWKS900-HF01-signed.jar (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVWKS901-HF03-signed.fsfix (5065 KB)
ftp://ftp.f-secure.com/support/hotfix/fsavcs/FSAVWKS901-HF03-signed.jar (5065 KB)

F-Secure Anti-Virus for Windows Servers 	9.00 	
ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF08.fsfix (4953 KB)
ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF08.jar (4953 KB)

F-Secure Anti-Virus for Citrix Servers 	9.00 	
ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF08.fsfix (4953 KB)
ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSRV900_HF08.jar (4953 KB)

Revision history 	-
Credits 	F-Secure Corporation wants to thank Simon Raner
of ACROS Security (http://www.acrossecurity.com) for bringing this
issue to our attention.

Contact information 	
Support: http://www.f-secure.com/en_EMEA/support/
Website: http://www.f-secure.com/
======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================



