Vulnerability Name:

CVE-2004-2442 (CCN-18217)

Assigned: 2004-11-23
Published: 2004-11-23
Updated: 2017-07-11
Summary: Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References: Source: MITRE
Type: CNA
CVE-2004-2442

Source: CCN
Type: SA13263
F-Secure Products Zip Archive Virus Detection Bypass Vulnerability

Source: SECUNIA
Type: Patch
13263

Source: CCN
Type: CIAC Information Bulletin P-041
F-Secure Zip Archive Bypasses Scanning

Source: CIAC
Type: Vendor Advisory
P-041

Source: CCN
Type: F-Secure Security Bulletin FSC-2004-3
ZIP-files with zero size may bypass scanning

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.f-secure.com/security/fsc-2004-3.shtml

Source: CCN
Type: US-CERT VU#968818
Anti-virus software may not properly scan malformed zip archives

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#968818

Source: BID
Type: Patch
11732

Source: CCN
Type: BID-11732
F-Secure Anti-Virus ZIP Archive Scanner Bypass Vulnerability

Source: XF
Type: UNKNOWN
fsecure-zip-scan-bypass(18217)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:f-secure:f-secure_anti-virus:4.51:*:linux_gateways:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:4.51:*:linux_servers:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:4.51:*:linux_workstations:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:4.52:*:linux_gateways:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:4.52:*:linux_servers:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:4.52:*:linux_workstations:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:4.60:*:samba_servers:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:4.61:*:linux_gateways:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:4.61:*:linux_servers:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.0:*:linux_client_security:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.0:*:linux_server_security:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.5:*:client_security:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.5:*:mimesweeper:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.5:*:windows_servers:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.41:*:mimesweeper:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.41:*:windows_servers:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.41:*:workstations:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.42:*:mimesweeper:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.42:*:windows_servers:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.42:*:workstations:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.43:*:workstations:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.52:*:client_security:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.55:*:client_security:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:6.01:*:ms_exchange:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:6.2:*:ms_exchange:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:6.21:*:ms_exchange:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:6.30:*:ms_exchange:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:6.30_sr1:*:ms_exchange:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:6.31:*:ms_exchange:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:2004:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:2005:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_for_firewalls:6.20:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_internet_security:2004:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_internet_security:2005:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_personal_express:4.5:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_personal_express:4.6:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_personal_express:4.7:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_personal_express:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:2.6:*:linux:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:6.3:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:6.4:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:6.41:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:f-secure:f-secure_anti-virus:4.60::samba_servers:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:2.06::linux:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:6.41:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1::as:*:*:*:*:*

  • * Denotes that component is vulnerable
    f-secure f-secure anti-virus 4.51
    f-secure f-secure anti-virus 4.51
    f-secure f-secure anti-virus 4.51
    f-secure f-secure anti-virus 4.52
    f-secure f-secure anti-virus 4.52
    f-secure f-secure anti-virus 4.52
    f-secure f-secure anti-virus 4.60
    f-secure f-secure anti-virus 4.61
    f-secure f-secure anti-virus 4.61
    f-secure f-secure anti-virus 5.0
    f-secure f-secure anti-virus 5.0
    f-secure f-secure anti-virus 5.5
    f-secure f-secure anti-virus 5.5
    f-secure f-secure anti-virus 5.5
    f-secure f-secure anti-virus 5.41
    f-secure f-secure anti-virus 5.41
    f-secure f-secure anti-virus 5.41
    f-secure f-secure anti-virus 5.42
    f-secure f-secure anti-virus 5.42
    f-secure f-secure anti-virus 5.42
    f-secure f-secure anti-virus 5.43
    f-secure f-secure anti-virus 5.52
    f-secure f-secure anti-virus 5.55
    f-secure f-secure anti-virus 6.01
    f-secure f-secure anti-virus 6.2
    f-secure f-secure anti-virus 6.21
    f-secure f-secure anti-virus 6.30
    f-secure f-secure anti-virus 6.30_sr1
    f-secure f-secure anti-virus 6.31
    f-secure f-secure anti-virus 2004
    f-secure f-secure anti-virus 2005
    f-secure f-secure for firewalls 6.20
    f-secure f-secure internet security 2004
    f-secure f-secure internet security 2005
    f-secure f-secure personal express 4.5
    f-secure f-secure personal express 4.6
    f-secure f-secure personal express 4.7
    f-secure f-secure personal express 5.0
    f-secure internet gatekeeper 2.6
    f-secure internet gatekeeper 6.3
    f-secure internet gatekeeper 6.4
    f-secure internet gatekeeper 6.31
    f-secure internet gatekeeper 6.32
    f-secure internet gatekeeper 6.41
    f-secure f-secure anti-virus 4.60
    f-secure internet gatekeeper 2.06
    f-secure internet gatekeeper 6.41
    redhat linux 7.3
    debian debian linux 3.0
    redhat linux 8.0
    suse linux enterprise server 8
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat linux 9.0
    suse suse linux 9.0
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    microsoft windows 2003 server *
    suse suse linux 9.1
    redhat enterprise linux 2.1