F-Secure RPM Parsing Integer Overflow RCE (FSC-2008-3)
Severity: High
Nessus Plugin ID: 35088
Synopsis
An antivirus application installed on the remote host is affected by a remote code execution vulnerability.
Description
The version of F-Secure Anti-Virus installed on the remote host is affected by an integer overflow condition. Provided F-Secure is configured to scan inside compressed archives, an attacker can exploit this issue, via a specially crafted RPM file, to execute arbitrary code.
Note that, in a typical configuration, on-access scanning does not scan inside compressed archives.
Solution
Apply the vendor-supplied patches.