Vulnerability hits F-Secure gateway products

Flaw in OpenSSL could allow DoS on servers.

A vulnerability in OpenSSL software, used to access the administration interface in some F-Secure gateway and mail protection products, could allow remote attackers to carry out a denial of service attack on servers running the product, F-Secure have announced.

The OpenSSL flaw can also be used to gain remote system access in some cases, but F-Secure's implementation is only vulnerable to DoS attacks. The affected products are F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper, versions 6.4 and up, and admins running this software are advised to update to ensure they are protected.

Both hotfixes for OpenSSL and updated versions of the F-Secure software are available. The original OpenSSL advisory is here, while F-Secure's alert, including links to fixed products versions, is here. A Secunia alert on the issue can be found here.

Posted on 29 November 2006 by Virus Bulletin

 Tags

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Welcome to virusbulletin.com

Almost 20 years after Virus Bulletin revealed its first site on the "world wide web", we've redesigned our whole website. And we have a new domain as well.

VB2015 video: TurlaSat: The Fault in our Stars

In a presentation at VB2015 in Prague, Kaspersky Lab researcher Kurt Baumgartner talked about Turla's extraplanetary activities: the malware used (and abused) satellite Internet connections for command and control communication.

Security vendors should embrace those hunting bugs in their products

When interviewed by the Risky Business podcast last week, VB Editor Martijn Grooten talked about the security of security products and said that many vendors are embracing the work done by Tavis Ormandy and others - as they should.

More VB Conference papers and videos published

More VB2014 Conference papers and videos published - 11 papers and 9 videos added to our website.

Throwback Thursday: Peter-II - Three Questions of The Sphinx

This Throwback Thursday, VB heads back to 1993, when an ordinary memory-resident master boot sector virus spiced things up with a bit of pop trivia.