F-Secure Linux Security – FSC-2018-3 (Security Advisory)

============================================================

Product: F-Secure Linux Security

OS: Linux

URL: https://www.f-secure.com

Type: Race Condition

Vulnerable Version: All Prior Versions

Fixed Version: 11.10

CVE Number: N/A

Impact: Low / Medium

Date: 2018-10-16

============================================================

Product Description

F-Secure Linux Security provides core security capabilities for Linux environments: multi-engine anti-malware and built-in firewall management, in addition to vital Integrity Checking for endpoints and servers.

Vulnerability Description

It is possible for a local non-root user to cause arbitrary system files to be renamed to *.virus, leading to a permanent corruption (DoS) of the operating system. This vulnerability affects F-Secure Linux Security and requires that an attacker has gained prior access to a non-privileged user account on the machine.

Vendor Contact Timeline

2018-08-15: Vendor contacted via email.

2018-08-16: Vendor responds and opens internal case number.

2018-08-29: Vendor confirms vulnerability.

2018-10-16: Vendor issues security bulletin FSC-2018-3.

2018-10-16: Vendor informs us that patches have been released.

2018-10-16: RACK911 Labs issues security advisory.

Reference(s)

https://www.f-secure.com/en/web/labs_global/fsc-2018-3

Leave a Reply

Your email address will not be published. Required fields are marked *