|
Trend Micro ServerProtect Buffer Overflow Vulnerabilities
|
|
Secunia Advisory:
|
SA24243
|
|
|
Release Date:
|
2007-02-21
|
|
Last Update:
|
2007-05-11
|
|
Popularity:
|
9,070 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Trend Micro ServerProtect for EMC Celerra 5.x
Trend Micro ServerProtect for Network Appliance Filer 5.x
Trend Micro ServerProtect for Windows/NetWare 5.x
|
|
|
Binary Analysis:
|
BA39 :: Available for 1 Credit 
BA50 :: Available for 1 Credit
BA51 :: Available for 1 Credit
BA52 :: Available for 1 Credit
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| CVE reference: | CVE-2007-1070
|
|
Description:
TippingPoint Security Research Team has reported some vulnerabilities in Trend Micro ServerProtect, which can be exploited by malicious people to compromise a vulnerable system.
1) A boundary error within the "CMON_NetTestConnection()" function in StCommon.dll can be exploited to cause a stack-based buffer overflow via a specially crafted RPC request to the SpntSvc.exe service (default port 5168/TCP).
2) A boundary error within the "ENG_SendEMail()" function in eng50.dll can be exploited to cause a stack-based buffer overflow via a specially crafted RPC request to the SpntSvc.exe service.
Successful exploitation of the vulnerabilities allows execution of arbitrary code with SYSTEM privileges.
The vulnerabilities are reported in the following versions:
* ServerProtect for Windows 5.58
* ServerProtect for EMC 5.58
* ServerProtect for Network Appliance Filer 5.61
* ServerProtect for Network Appliance Filer 5.62
Solution:
Apply patches.
ServerProtect for Windows 5.58 (English):
Apply Security Patch 1- Build 1171.
http://www.trendmicro.com/download/product.asp?productid=17
ServerProtect for Windows 5.58 (Traditional Chinese):
http://www.trendmicro.com.tw/support/...TC/spnt_558_win_tc_securitypatch2.zip
ServerProtect for Windows 5.58 (Simplified Chinese):
http://www.trendmicro.com/ftp/china/s...ct/spnt_558_win_sc_securitypatch2.exe
ServerProtect for Windows 5.58 (Japanese):
http://www.trendmicro.co.jp/download/product.asp?productid=17
ServerProtect for EMC 5.58 (English):
http://www.trendmicro.com/download/product.asp?productid=19&show=patch
ServerProtect for Network Appliance Filer 5.61 (English):
http://www.trendmicro.com/download/product.asp?productid=18
ServerProtect for Network Appliance Filer 5.62 (Japanese):
http://www.trendmicro.co.jp/download/product.asp?productid=18
Provided and/or discovered by:
Pedram Amini, TippingPoint Security Research Team.
Changelog:
2007-02-22: Added links to US-CERT.
2007-02-23: Updated "Solution" section as the patch issued for ServerProtect for Windows 5.58 only fixes some vulnerabilities.
2007-05-11: Updated "Description", "Other References", "Solution", and "Solution Status" sections to reflect vulnerabilities addressed by the fix.
Original Advisory:
Trend Micro:
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290
TippingPoint:
http://www.tippingpoint.com/security/advisories/TSRT-07-01.html
http://www.tippingpoint.com/security/advisories/TSRT-07-02.html
Other References:
US-CERT VU#349393:
http://www.kb.cert.org/vuls/id/349393
US-CERT VU#730433:
http://www.kb.cert.org/vuls/id/730433
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
