Vulnerability hits F-Secure gateway products

Flaw in OpenSSL could allow DoS on servers.

A vulnerability in OpenSSL software, used to access the administration interface in some F-Secure gateway and mail protection products, could allow remote attackers to carry out a denial of service attack on servers running the product, F-Secure have announced.

The OpenSSL flaw can also be used to gain remote system access in some cases, but F-Secure's implementation is only vulnerable to DoS attacks. The affected products are F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper, versions 6.4 and up, and admins running this software are advised to update to ensure they are protected.

Both hotfixes for OpenSSL and updated versions of the F-Secure software are available. The original OpenSSL advisory is here, while F-Secure's alert, including links to fixed product versions, is here. A Secunia alert on the issue can be found here.

Posted on 29 November 2006 by Virus Bulletin.