|
 |
|
Trend Micro OfficeScan CGI Modules Buffer Overflow and Authentication Bypass
|
|
|
|
|
Secunia Advisory:
|
SA25778
|
|
|
Release Date:
|
2007-06-26
|
|
Last Update:
|
2007-07-17
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Trend Micro Client Server Messaging Security for SMB 2.x
Trend Micro Client Server Messaging Security for SMB 3.x
Trend Micro OfficeScan Corporate Edition 6.x
Trend Micro OfficeScan Corporate Edition 7.x
Trend Micro OfficeScan Corporate Edition 8.x
|
| | CVE reference: | CVE-2007-3454 (Secunia mirror)
CVE-2007-3455 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Two vulnerabilities have been reported in Trend Micro OfficeScan, which can be exploited by malicious people to bypass certain security restrictions or compromise a vulnerable system.
1) A boundary error within CGIOCommon.dll can be exploited to cause a stack-based buffer overflow via a specially crafted HTTP request.
Successful exploitation allows execution of arbitrary code.
2) An error within cgiChkMasterPwd.exe can be exploited to bypass the authentication mechanism of the web management interface by sending a specially crafted request with an empty encryption string and hash.
The vulnerabilities affect OfficeScan Corporate Edition versions 8.0, 7.3, 7.0, 6.5, OfficeScan 6.0 in Client/Server/Messaging Suite for SMB 2, and Client Server Messaging Security versions 3.6, 3.5, and 3.0.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Apply patches.
OfficeScan 8.0:
http://www.trendmicro.com/ftp/product...sce_80_win_en_securitypatch_b1042.exe
OfficeScan 7.3:
http://www.trendmicro.com/ftp/product...sce_73_win_en_securitypatch_b1293.exe
OfficeScan 7.0:
http://www.trendmicro.com/ftp/product...sce_70_win_en_securitypatch_b1364.exe
OfficeScan 6.5:
http://www.trendmicro.com/ftp/product...sce_65_win_en_securitypatch_b1458.exe
OfficeScan 6.0 in Client/Server/Messaging Suite for SMB 2.0:
http://www.trendmicro.com/ftp/product...sce_60_win_en_securitypatch_b1398.exe
Client Server Messaging Security 3.6:
http://www.trendmicro.com/ftp/product...sce_76_win_en_securitypatch_b1149.exe
Client Server Messaging Security 3.5:
http://www.trendmicro.com/ftp/product...sce_75_win_en_securitypatch_b1152.exe
Client Server Messaging Security 3.0:
http://www.trendmicro.com/ftp/product...sce_72_win_en_securitypatch_b1209.exe
Provided and/or discovered by:
1) Discovered by an anonymous person and reported via iDefense Labs.
2) Discovered by David Maciejak and reported via iDefense Labs.
Changelog:
2007-06-27: Added CVE reference. Added additional affected product version.
2007-06-28: Updated vendor link.
2007-06-29: Added additional affected product version.
2007-07-13: Added OfficeScan 6.5 and Client/Server/Messaging Suite for SMB in affected product list. Updated "Solution" section.
2007-07-17: Updated "Description" and "Solution" sections, added Client Server Messaging Security in affected product list, and added additional links from iDefense Labs and the vendor.
Original Advisory:
Trend Micro:
http://www.trendmicro.com/ftp/documen..._win_en_securitypatch-1042_readme.txt
http://www.trendmicro.com/ftp/documen..._win_en_securitypatch_1364_readme.txt
http://www.trendmicro.com/ftp/documen..._win_en_securitypatch_1293_readme.txt
http://www.trendmicro.com/ftp/documen..._win_en_securitypatch_1458_readme.txt
http://www.trendmicro.com/ftp/documen..._win_en_securitypatch_1398_readme.txt
http://www.trendmicro.com/ftp/documen..._win_en_securitypatch_1149_readme.txt
http://www.trendmicro.com/ftp/documen..._win_en_securitypatch_1152_readme.txt
http://www.trendmicro.com/ftp/documen..._win_en_securitypatch_1209_readme.txt
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
12 Related Secunia Security Advisories, displaying 10
|
|
|
1. Trend Micro OfficeScan 8.0 Policy Server Denial of Service
|
|
2. Trend Micro OfficeScan CGI Module and Policy Server Buffer Overflows
|
|
3. Trend Micro Scan Engine Tmxpflt.sys Privilege Escalation Vulnerability
|
|
4. Trend Micro Products UPX Processing Denial of Service
|
|
5. Trend Micro OfficeScan Client ActiveX Control Buffer Overflows
|
|
6. Trend Micro Products UPX Processing Buffer Overflow Vulnerability
|
|
7. Trend Micro Products IOCTL Handler Privilege Escalation
|
|
8. Trend Micro Products RAR Processing Denial Of Service
|
|
9. OfficeScan Corporate Edition "ATXCONSOLE.OCX" Format String Vulnerability
|
|
10. Trend Micro OfficeScan Client Removal and Arbitrary File Deletion
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
