FSC-2020-2

A local user can rename or delete arbitrary files owned by root in Linux Security.

More information

It is possible for a local non-root user to cause arbitrary system files to be renamed or deleted, leading to a permanent corruption (DoS) of the operating system or to disabled antivirus software. This requires that an attacker has gained prior access to a non-privileged user account on the machine. This vulnerability affects F-Secure Linux Security 11-series and F-Secure Linux Security 64.

Technical details are available from the researcher's website:
https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/

Note: No known attacks have been reported or observed in the wild.

Antti Levomäki

Forcepoint

Twitter

Christian Jalio

Forcepoint

Twitter

    Description

  • A local user can rename or delete arbitrary files owned by root in Linux Security.
  • Status

  • Resolved
  • Risk level

  • Low
  • Fix

  • Hotfix 9 was published to fix this vulnerability. Download and instructions on: https://www.f-secure.com/en/business/downloads/linux-security
  • Affected products

  • Corporate Products: F-Secure Linux Security Version 11.00 F-Secure Linux Security Version 11.10 F-Secure Linux Security 64
  • Platforms

  • All supported platforms of the affected products
  • Date issues

  • 19/5/2020
  • Security advisories
  • 2020
  • Low