Vulnerability Name:

CVE-2008-6085 (CCN-46016)

Assigned:2008-10-21
Published:2008-10-21
Updated:2017-08-08
Summary:Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-6085

Source: CCN
Type: SA32352
F-Secure Products RPM Parsing Integer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
32352

Source: CCN
Type: SECTRACK ID: 1021073
F-Secure Anti-Virus Buffer Overflow in Scanning RPM Files Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: F-Secure Security Bulletin FSC-2008-3
RPM parsing vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.f-secure.com/security/fsc-2008-3.shtml

Source: CCN
Type: OSVDB ID: 49189
F-Secure Multiple Products Crafted RPM File Handling Overflow

Source: BID
Type: UNKNOWN
31846

Source: CCN
Type: BID-31846
F-Secure Multiple Products RPM File Integer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021073

Source: VUPEN
Type: UNKNOWN
ADV-2008-2874

Source: XF
Type: UNKNOWN
fsecure-multipleproducts-rpm-bo(46016)

Source: XF
Type: UNKNOWN
fsecure-multipleproducts-rpm-bo(46016)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:f-secure:f-secure_anti-virus:7.02:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:2007:*:second:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:2008:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:2009:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus_for_citrix_servers:*:*:*:*:*:*:*:* (Version <= 7.00)
  • OR cpe:/a:f-secure:f-secure_anti-virus_for_microsoft_exchange:6.62:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus_for_microsoft_exchange:7.00:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus_for_microsoft_exchange:*:*:*:*:*:*:*:* (Version <= 7.10)
  • OR cpe:/a:f-secure:f-secure_anti-virus_for_mimesweeper:*:*:*:*:*:*:*:* (Version <= 5.61)
  • OR cpe:/a:f-secure:f-secure_anti-virus_for_windows_servers:*:*:*:*:*:*:*:* (Version <= 8.00)
  • OR cpe:/a:f-secure:f-secure_anti-virus_for_workstations:7.10:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus_for_workstations:7.11:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus_linux_client_security:5.30:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus_linux_client_security:5.52:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus_linux_client_security:5.53:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus_linux_client_security:*:*:*:*:*:*:*:* (Version <= 5.54)
  • OR cpe:/a:f-secure:f-secure_anti-virus_linux_server_security:5.30:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus_linux_server_security:5.52:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus_linux_server_security:*:*:*:*:*:*:*:* (Version <= 5.54)
  • OR cpe:/a:f-secure:f-secure_client_security:7.11:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_client_security:*:*:*:*:*:*:*:* (Version <= 7.12)
  • OR cpe:/a:f-secure:f-secure_home_server_security:2009:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_internet_gatekeeper_for_linux:*:*:*:*:*:*:*:* (Version <= 2.16)
  • OR cpe:/a:f-secure:f-secure_internet_gatekeeper_for_windows:*:*:*:*:*:*:*:* (Version <= 6.61)
  • OR cpe:/a:f-secure:f-secure_internet_security:7.02:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_internet_security:2007:*:second:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_internet_security:2008:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_internet_security:2009:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_linux_security:*:*:*:*:*:*:*:* (Version <= 7.01)
  • OR cpe:/a:f-secure:f-secure_messaging_security_gateway:4.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_messaging_security_gateway:*:*:*:*:*:*:*:* (Version <= 5.0.4)
  • OR cpe:/a:f-secure:f-secure_protection_service_for_business:3.00:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_protection_service_for_business:*:*:*:*:*:*:*:* (Version <= 3.10)
  • OR cpe:/a:f-secure:f-secure_protection_service_for_consumers:5.00:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_protection_service_for_consumers:6.00:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_protection_service_for_consumers:7.00:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_protection_service_for_consumers:*:*:*:*:*:*:*:* (Version <= 8.00)

    • Configuration CCN 1:
  • cpe:/a:f-secure:f-secure_anti-virus:5.41::mimesweeper:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.42::mimesweeper:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:6.31::ms_exchange:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:2.06::linux:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:6.40::ms_exchange:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:6.42:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:6.41:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.52::windows_servers:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.52::citrix_servers:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:6.50:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:6.60::ms_exchange:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:6.60:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:2.16:-:linux:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:7.00::windows_servers:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:7.00::workstations:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.44::workstations:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:4.65::linux_gateways:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.61::mimesweeper:*:*:*:*:*
  • OR cpe:/a:f-secure:linux_security:7.01:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_internet_gatekeeper_for_linux:2.16:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.42::workstations:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.41::workstations:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.40::workstations:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.41::mimesweeper:*:*:*:*:*
  • OR cpe:/a:f-secure:anti-virus:4.65:-:linux_servers:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:2.16::linux_gateways:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    f-secure f-secure anti-virus 7.02
    f-secure f-secure anti-virus 2006
    f-secure f-secure anti-virus 2007
    f-secure f-secure anti-virus 2007
    f-secure f-secure anti-virus 2008
    f-secure f-secure anti-virus 2009
    f-secure f-secure anti-virus for citrix servers *
    f-secure f-secure anti-virus for microsoft exchange 6.62
    f-secure f-secure anti-virus for microsoft exchange 7.00
    f-secure f-secure anti-virus for microsoft exchange *
    f-secure f-secure anti-virus for mimesweeper *
    f-secure f-secure anti-virus for windows servers *
    f-secure f-secure anti-virus for workstations 7.10
    f-secure f-secure anti-virus for workstations 7.11
    f-secure f-secure anti-virus linux client security 5.30
    f-secure f-secure anti-virus linux client security 5.52
    f-secure f-secure anti-virus linux client security 5.53
    f-secure f-secure anti-virus linux client security *
    f-secure f-secure anti-virus linux server security 5.30
    f-secure f-secure anti-virus linux server security 5.52
    f-secure f-secure anti-virus linux server security *
    f-secure f-secure client security 7.11
    f-secure f-secure client security *
    f-secure f-secure home server security 2009
    f-secure f-secure internet gatekeeper for linux *
    f-secure f-secure internet gatekeeper for windows *
    f-secure f-secure internet security 7.02
    f-secure f-secure internet security 2006
    f-secure f-secure internet security 2007
    f-secure f-secure internet security 2007
    f-secure f-secure internet security 2008
    f-secure f-secure internet security 2009
    f-secure f-secure linux security *
    f-secure f-secure messaging security gateway 4.0.7
    f-secure f-secure messaging security gateway *
    f-secure f-secure protection service for business 3.00
    f-secure f-secure protection service for business *
    f-secure f-secure protection service for consumers 5.00
    f-secure f-secure protection service for consumers 6.00
    f-secure f-secure protection service for consumers 7.00
    f-secure f-secure protection service for consumers *
    f-secure f-secure anti-virus 5.41
    f-secure f-secure anti-virus 5.42
    f-secure f-secure anti-virus 6.31
    f-secure internet gatekeeper 2.06
    f-secure f-secure anti-virus 6.40
    f-secure internet gatekeeper 6.42
    f-secure internet gatekeeper 6.41
    f-secure f-secure anti-virus 5.52
    f-secure f-secure anti-virus 5.52
    f-secure internet gatekeeper 6.50
    f-secure f-secure anti-virus 6.60
    f-secure internet gatekeeper 6.60
    f-secure internet gatekeeper 2.16 -
    f-secure f-secure anti-virus 7.00
    f-secure f-secure anti-virus 7.00
    f-secure f-secure anti-virus 5.44
    f-secure f-secure anti-virus 4.65
    f-secure f-secure anti-virus 5.61
    f-secure linux security 7.01
    f-secure f-secure internet gatekeeper for linux 2.16
    f-secure f-secure anti-virus 5.42
    f-secure f-secure anti-virus 5.41
    f-secure f-secure anti-virus 5.40
    f-secure f-secure anti-virus 5.41
    f-secure anti-virus 4.65 -
    f-secure f-secure anti-virus 2.16