Vulnerability hits F-Secure gateway products

Flaw in OpenSSL could allow DoS on servers.

A vulnerability in OpenSSL software, used to access the administration interface in some F-Secure gateway and mail protection products, could allow remote attackers to carry out a denial of service attack on servers running the product, F-Secure have announced.

The OpenSSL flaw can also be used to gain remote system access in some cases, but F-Secure's implementation is only vulnerable to DoS attacks. The affected products are F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper, versions 6.4 and up, and admins running this software are advised to update to ensure they are protected.

Both hotfixes for OpenSSL and updated versions of the F-Secure software are available. The original OpenSSL advisory is here, while F-Secure's alert, including links to fixed products versions, is here. A Secunia alert on the issue can be found here.

Posted on 29 November 2006 by Virus Bulletin.

 del.icio.us  digg this! digg this

Quick Links

Poll
Do current laws offer enough protection for ethical ('white-hat') hackers?
Yes, the current laws are fine
No, they prevent responsible disclosure of vulnerabilities
The current laws are too lax, we need to be stricter on hacking
I don't know
Leave a comment
View 4 comments

Cybersecurity for Chemical Industry

Virus Bulletin
In this month's magazine:
  • VBSpam comparative review March 2013
  • VB100 comparative review on SUSE Linux Enterprise Server 11
  • Java security in the era of BYOD
  • Ogee whiz
  • A deeper look into the ZeroAccess clickbot
  • Pushdo's new second generation
  • Shellcoding ARM: part 3
  • Phishing and fraud: the make-believe industry
Virus Bulletin 05 2013
Subscribe now!

Virus Bulletin currently has 227,267 registered users.