Product: F-Secure Linux Security
Type: Race Condition
Vulnerable Version: All Prior Versions
Fixed Version: 11.10
CVE Number: N/A
Impact: Low / Medium
F-Secure Linux Security provides core security capabilities for Linux environments: multi-engine anti-malware and built-in firewall management, in addition to vital Integrity Checking for endpoints and servers.
It is possible for a local non-root user to cause arbitrary system files to be renamed to *.virus, leading to a permanent corruption (DoS) of the operating system. This vulnerability affects F-Secure Linux Security and requires that an attacker has gained prior access to a non-privileged user account on the machine.
Vendor Contact Timeline
2018-08-15: Vendor contacted via email.
2018-08-16: Vendor responds and opens internal case number.
2018-08-29: Vendor confirms vulnerability.
2018-10-16: Vendor issues security bulletin FSC-2018-3.
2018-10-16: Vendor informs us that patches have been released.
2018-10-16: RACK911 Labs issues security advisory.