Vulnerability hits F-Secure gateway products

Flaw in OpenSSL could allow DoS on servers.

A vulnerability in OpenSSL software, used to access the administration interface in some F-Secure gateway and mail protection products, could allow remote attackers to carry out a denial of service attack on servers running the product, F-Secure have announced.

The OpenSSL flaw can also be used to gain remote system access in some cases, but F-Secure's implementation is only vulnerable to DoS attacks. The affected products are F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper, versions 6.4 and up, and admins running this software are advised to update to ensure they are protected.

Both hotfixes for OpenSSL and updated versions of the F-Secure software are available. The original OpenSSL advisory is here, while F-Secure's alert, including links to fixed products versions, is here. A Secunia alert on the issue can be found here.

Posted on 29 November 2006 by Virus Bulletin.

Blog Archive

Old posts

Twitter Feed

virusbtn:New paper: Custom packer defeats multiple automation systems, by Symantec researcher Ke Zhang
Fri Sep 04 16:07:02

virusbtn:We have opened up DMs on this account to everyone. If email isn't your thing or if you want a quick answer, feel free to use that.
Thu Sep 03 15:48:59

Jobs Recruit Sidebar