F-Secure Security Bulletin FSC-2006-6: OpenSSL denial of service vulnerability in F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper

F-Secure Security Bulletin FSC-2006-6
OpenSSL denial of service vulnerability in F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper


Date issued 2006-11-29
Last updated 2006-11-29
Risk factor Medium (Low/Medium/High/Critical)
Brief description OpenSSL has released a security advisory on several vulnerabilities on OpenSSL. These vulnerabilities in OpenSSL can cause Denial of Service Attacks, buffer overflows or client crashes. F-Secure products are only affected by the possible ASN.1-related DoS attacks. (CVE-2006-2937)


Versions of F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper use OpenSSL in the administrator web interface. By default the access to the web interface is accepted only from the same host but it can be configured to be also accessible from the network.
Software F-Secure Anti-Virus for Microsoft Exchange
F-Secure Internet Gatekeeper
Affected versions F-Secure Anti-Virus for Microsoft Exchange 6.40 and 6.60
F-Secure Internet Gatekeeper 6.40, 6.41, 6.42, 6.50 and 6.60
Affected platforms All platforms supported by the affected products
Bulletin location http://www.f-secure.com/security/fsc-2006-6.shtml


Patches is available.  See download link and notes at http://www.f-secure.com/security/fsc-2006-6.shtml

Leave a Reply