F-Secure Linux Security – FSC-2018-3 (Security Advisory)

Product Description:

F-Secure Linux Security provides core security capabilities for Linux environments: multi-engine anti-malware and built-in firewall management, in addition to vital Integrity Checking for endpoints and servers.

Vulnerability Discussion:

It is possible for a local non-root user to cause arbitrary system files to be renamed to *.virus, leading to a permanent corruption (DoS) of the operating system. This vulnerability affects F-Secure Linux Security and requires that an attacker has gained prior access to a non-privileged user account on the machine.

Vendor Contact Timeline:

2018-08-15: Vendor contacted via email.
2018-08-16: Vendor responds and opens internal case number.
2018-08-29: Vendor confirms vulnerability.
2018-10-16: Vendor issues security bulletin FSC-2018-3.
2018-10-16: Vendor informs us that patches have been released.
2018-10-16: RACK911 Labs issues security advisory.

About Us:


RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119