Severity: MEDIUM
Description: A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.
CVSS Score: 4.6
1. Risk Assessment
The vulnerability, a Denial-of-Service (DoS) in F-Secure Linux Security, stemming from the Fmlib component crashing when scanning fuzzed files, presents a medium risk. The nature of the vulnerability means an attacker can disrupt the Anti-Virus engine, potentially impacting system performance and availability. While confidentiality and integrity are only impacted at a low level (potentially some information leakage during the crash), the availability impact is more significant. The likelihood of exploitation is moderate, as it requires sending specifically crafted, fuzzed files, but is achievable remotely. The ease of exploitation is also moderate, requiring some effort to create effective fuzzed files. The business impact could range from minor performance degradation to a complete outage of the Anti-Virus engine, depending on the frequency and effectiveness of the attacks. This could lead to increased risk of malware infection if the AV engine is unavailable, and disruption to business processes reliant on the security product. The EPSS score of 0.002420000 suggests a relatively low probability of exploitation in the wild, but the impact warrants attention.
2. Potential Attack Scenarios
An attacker could leverage this vulnerability by sending a series of specially crafted, fuzzed files to a system protected by F-Secure Linux Security. The attack vector is network-based, meaning the attacker can initiate the attack remotely, likely via email attachment, web download, or network share. The attack process involves the attacker creating fuzzed files – files with slightly altered data designed to cause unexpected behavior – and delivering them to the target system. When the F-Secure Anti-Virus engine scans these files, the Fmlib component crashes, leading to a Denial-of-Service. Potential outcomes include the Anti-Virus engine becoming unresponsive, system performance slowing while the engine restarts, and malicious files potentially bypassing scanning if the engine is consistently overwhelmed. Repeated attacks could lead to prolonged periods of reduced security coverage.
3. Mitigation Recommendations
The primary mitigation is to update to the Pisces release 2022-02-23_01, which includes the fix for this vulnerability. F-Secure products should be configured to automatically update, ensuring the latest fixes are applied. Immediate action should be taken to ensure all affected systems are updated. Beyond patching, consider reviewing network traffic for suspicious file uploads or downloads that might be indicative of an attack. Monitor system performance for unexpected slowdowns or crashes of the Anti-Virus engine. Consult the F-Secure security advisory for further details and specific instructions: https://www.f-secure.com/en/business/support-and-downloads/security-advisories.
4. Executive Summary
F-Secure Linux Security, along with several other F-Secure products, is vulnerable to a Denial-of-Service attack. This vulnerability allows an attacker to crash the Anti-Virus engine by sending specially crafted files. While not a critical vulnerability, a successful attack could disrupt security coverage and impact system performance. The good news is that the vulnerability has been patched with the Pisces release 2022-02-23_01, and the fix is delivered automatically through updates. It's important to ensure all affected systems are updated to the latest version to prevent potential disruptions. Addressing this vulnerability ensures continued protection against malware and minimizes the risk of business interruption. Prompt patching is recommended to maintain optimal security posture.