Summary
| Detail | |||
|---|---|---|---|
| Vendor | Trend Micro | First view | 2005-05-02 |
| Product | Serverprotect | Last view | 2007-09-11 |
| Version | 2.5 | Type | Application |
| Update | * | ||
| Edition | linux | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:trend_micro:serverprotect | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 10 | 2007-09-11 | CVE-2007-4731 | Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005. |
| 10 | 2007-05-08 | CVE-2007-2508 | Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll. |
| 7.5 | 2007-03-02 | CVE-2007-1168 | Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp). |
| 7.5 | 2005-12-14 | CVE-2005-1929 | Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product. |
| 7.5 | 2005-05-02 | CVE-2005-0533 | Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (3) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
SAINT Exploits
| Description | Link |
|---|---|
| Trend Micro ServerProtect Management Console isaNVWRequest.dll chunked POST buffer overflow | More info here |
| Trend Micro ServerProtect SpntSvc.exe CreateBinding buffer overflow | More info here |
| Trend Micro ServerProtect EarthAgent RPC buffer overflow | More info here |
| Trend Micro ServerProtect TMregChange buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 45878 | Trend Micro ServerProtect TMReg.dll TMregChange Function Remote Overflow |
| 35790 | Trend Micro ServerProtect SpntSvc.exe Service AgRpcCln.dll CAgRpcClient::Crea... |
| 35789 | Trend Micro ServerProtect EarthAgent.exe RPC Request Remote Overflow |
| 33041 | Trend Micro ServerProtect for Linux (SPLX) splx_2376_info Cookie Authenticati... |
| 21772 | Trend Micro ServerProtect relay.dll POST Request Remote Overflow |
| 21771 | Trend Micro ServerProtect isaNVWRequest.dll POST Request Remote Overflow |
| 14133 | Trend Micro Multiple Anti-Virus Products ARJ Archive Handling Overflow |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Trend Micro Control Manager Chunked overflow attempt RuleID : 17486 - Type : SERVER-WEBAPP - Revision : 12 |
| 2014-01-10 | Trend Micro Products Antivirus Library overflow attempt RuleID : 15992 - Type : FILE-OTHER - Revision : 7 |
| 2014-01-10 | Trend Micro ServerProtect TMregChange buffer overflow attempt RuleID : 13365 - Type : SERVER-OTHER - Revision : 8 |
| 2014-01-10 | DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt RuleID : 12317 - Type : NETBIOS - Revision : 19 |
| 2014-01-10 | Trend Micro ServerProtect EarthAgent DCE-RPC Stack overflow RuleID : 11618 - Type : EXPLOIT - Revision : 5 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2007-08-22 | Name: It is possible to execute code on the remote host through the AntiVirus Agent. File: trendmicro_serverprotect_multiple2.nasl - Type: ACT_GATHER_INFO |
| 2007-05-09 | Name: The remote service is vulnerable to a remote buffer overflow attack. File: trendmicro_serverprotect_earthagent_overflow.nasl - Type: ACT_GATHER_INFO |
| 2007-02-22 | Name: The remote web server suffers from an authentication bypass vulnerability. File: trendmicro_splx_cookie_bypass.nasl - Type: ACT_GATHER_INFO |
| 2006-01-13 | Name: The remote web server is vulnerable to remote code execution. File: trendmicro_controlmanager_multiple.nasl - Type: ACT_ATTACK |
| 2005-02-24 | Name: The remote host is running an application that is affected by a buffer overfl... File: trendmicro_arj_overflow.nasl - Type: ACT_GATHER_INFO |
