CVE-2006-0338

Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.f-secure.com/security/fsc-2006-1.shtml	Patch
http://www.securityfocus.com/bid/16309	Patch
http://secunia.com/advisories/18529	Patch Vendor Advisory
http://www.osvdb.org/22633
http://securitytracker.com/id?1015507
http://securitytracker.com/id?1015508
http://securitytracker.com/id?1015509
http://securitytracker.com/id?1015510
http://www.ciac.org/ciac/bulletins/q-103.shtml
http://www.vupen.com/english/advisories/2006/0257
https://exchange.xforce.ibmcloud.com/vulnerabilities/24199

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f-secure:f-secure_anti-virus:4.52::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.52::linux_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:2005:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.51::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.51::linux_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.62::samba_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.64::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.41::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.42::mimesweeper:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.52::citrix_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.52::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.52::windows_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.42::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.42::windows_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.64::linux_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.52::mimesweeper:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.0::linux_client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.61::linux_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.5::client_security:::::
	cpe:2.3:a:f-secure:f-secure_personal_express:4.6:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.30::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_personal_express:4.7:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.41::mimesweeper:::::
	cpe:2.3:a:f-secure:internet_gatekeeper:6.42:::::::*
	cpe:2.3:a:f-secure:f-secure_personal_express:4.5:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.30_sr1::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.11::linux_server_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:2004:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.2::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_internet_security:2006:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.21::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.61::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:2003:::::::*
	cpe:2.3:a:f-secure:internet_gatekeeper:6.32:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.44::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.40::ms_exchange:::::
	cpe:2.3:a:f-secure:internet_gatekeeper:2.14::linux:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.5::windows_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.2::firewalls:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.01::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.52::linux_workstations:::::
	cpe:2.3:a:f-secure:f-secure_internet_security:2005:::::::*
	cpe:2.3:a:f-secure:internet_gatekeeper:6.41:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.55::client_security:::::
	cpe:2.3:a:f-secure:f-secure_personal_express:5.0:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.31::ms_exchange:::::
	cpe:2.3:a:f-secure:internet_gatekeeper:2.06::linux:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.11::linux_client_security:::::
	cpe:2.3:a:f-secure:f-secure_internet_security:2004:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.01::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.43::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.5::mimesweeper:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.0::linux_server_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.60::samba_servers:::::

Information

Published : 2006-01-20 16:03

Updated : 2017-07-19 18:29

NVD link : CVE-2006-0338

Mitre link : CVE-2006-0338

JSON object : View

CWE

NVD-CWE-Other

Products Affected

f-secure

internet_gatekeeper
f-secure_anti-virus
f-secure_internet_security
f-secure_personal_express

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.f-secure.com/security/fsc-2006-1.shtml", "name": "http://www.f-secure.com/security/fsc-2006-1.shtml", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/16309", "name": "16309", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/18529", "name": "18529", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/22633", "name": "22633", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1015507", "name": "1015507", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1015508", "name": "1015508", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1015509", "name": "1015509", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1015510", "name": "1015510", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.ciac.org/ciac/bulletins/q-103.shtml", "name": "Q-103", "tags": [], "refsource": "CIAC"}, {"url": "http://www.vupen.com/english/advisories/2006/0257", "name": "ADV-2006-0257", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24199", "name": "fsecure-rar-zip-scan-bypass(24199)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0338", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-01-21T00:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_gateways:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2005:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_gateways:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.62:*:samba_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.64:*:linux_gateways:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:workstations:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:mimesweeper:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.52:*:citrix_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.52:*:client_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.52:*:windows_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:workstations:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:windows_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.64:*:linux_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.52:*:mimesweeper:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.0:*:linux_client_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.61:*:linux_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:client_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_personal_express:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.30:*:ms_exchange:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_personal_express:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:mimesweeper:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_personal_express:4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.30_sr1:*:ms_exchange:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.11:*:linux_server_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.2:*:ms_exchange:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.21:*:ms_exchange:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.61:*:linux_gateways:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.44:*:workstations:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.40:*:ms_exchange:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:2.14:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:windows_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.2:*:firewalls:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.01:*:client_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_workstations:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2005:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.55:*:client_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_personal_express:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.31:*:ms_exchange:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:2.06:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.11:*:linux_client_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.01:*:ms_exchange:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.43:*:workstations:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:mimesweeper:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.0:*:linux_server_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.60:*:samba_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:29Z"}

5.0 /10