Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

F-Secure Corporation Information for VU#845620

Date Notified:2006-09-08
Date Updated:
Statement Date:
Status Summary:Not Vulnerable

Vendor Statement

F-Secure antivirus products are not vulnerable. The list of non-vulnerable products includes F-Secure Anti-Virus, F-Secure Internet Security, F-Secure Client Security, F-Secure Server Security, F-Secure Mobile Security, F-Secure Messaging Security Gateway, F-Secure Network Control, and all other products in F-Secure small business and corporate suites, also listed at http://www.f-secure.com/enterprises/products/.

F-Secure VPN+ versions up to version 6.12 are vulnerable in installations that use PKI CA issued certificates, which use third-party generated keys. The RSA key generator in F-Secure products has never allowed the generation of RSA keys with a public exponent of 3. This means that keys created with F-Secure tools cannot be used to mount an attack against F-Secure products or other systems.

The F-Secure SSH product line is exclusively distributed by Attachmate under the Reflection for Secure IT brand. Please see the vendor statement from Attachmate for more information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information