FSC-2020-3

Multiple Buffer Overflow Vulnerabilities in F-Secure Linux Security

More information

A vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products allows multiple buffer overflows if the input is larger than the destination. The exploit can be triggered locally by an attacker. A successful attack can lead to local privilege escalation. 

This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Contributors

F-Secure Corporation would like to thank Gustav Larsson (https://gustavlarsson.fi) for bringing this issue to our attention.

Antti Levomäki

Forcepoint

Twitter

Christian Jalio

Forcepoint

Twitter

    Description

  • Multiple buffer overflow vulnerabilities can lead local privilege escalation.
  • Status

  • Resolved
  • Risk level

  • Medium
  • Fix

  • Hotfix 10 has been published to fix this vulnerability. Download and instructions on: https://www.f-secure.com/en/business/downloads/linux-security
  • Affected products

  • Corporate Products: F-Secure Linux Security version 11.xx F-Secure PSB Linux Security version 11.xx F-Secure Policy Manager for Linux 11.xx
  • Platforms

  • All supported platforms of the affected products
  • Date issues

  • 12/11/2020
  • Security advisories
  • 2020
  • Medium