Executive Summary
Summary | |
---|---|
Title | Trend Micro ServerProtect RPC buffer overflows |
Informations | |||
---|---|---|---|
Name | VU#109056 | First vendor Publication | 2007-08-23 |
Vendor | VU-CERT | Last vendor Modification | 2007-09-10 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#109056Trend Micro ServerProtect RPC buffer overflowsOverviewThe Trend Micro ServerProtect fails to properly handle RPC requests. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.I. DescriptionTrend Micro ServerProtect is an anti-virus application that is designed to run on Microsoft Windows servers. Trend Micro ServerProtect handles Remote Procedure Calls (RPC) using port 5168/tcp.Trend Micro ServerProtect contains heap-based and stack-based buffer overflows in that can be exploited via multiple RPC functions. A remote, unauthenticated attacker may be able to trigger these overflows by sending malformed RPC requests to a vulnerable Trend Micro ServerProtect installation. Trend Micro has addressed these vulnerabilities with Security Patch 4.
References
This vulnerabilities were reported by iDefense Labs. iDefense Labs in turn credits Code Audit Labs, Jun Mao from iDefense Labs, and two anonymous researchers. This document was written by Jeff Gennari.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/109056 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
SAINT Exploits
Description | Link |
---|---|
Trend Micro ServerProtect RPCFN_CMON_SetSvcImpersonateUser buffer overflow | More info here |
Trend Micro ServerProtect RPC NTF_SetPagerNotifyConfig buffer overflow | More info here |
Trend Micro ServerProtect SpntSvc RPC buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
39754 | Trend Micro ServerProtect for Windows (SpntSvc.exe) Notification.dll NTF_SetP... |
39753 | Trend Micro ServerProtect for Windows (SpntSvc.exe) Eng50.dll Multiple Functi... |
39752 | Trend Micro ServerProtect for Windows (SpntSvc.exe) Stcommon.dll Multiple Fun... |
39751 | Trend Micro ServerProtect for Windows (SpntSvc.exe) StRpcSrv.dll Multiple Fun... |
39750 | Trend Micro ServerProtect for Windows Agent Service RPCFN_CopyAUSrc Function ... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2007-08-24 | IAVM : 2007-T-0035 - Trend Micro ServerProtect Multiple Remote Code Execution Vulnerabilities Severity : Category I - VMSKEY : V0014876 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser object call attempt RuleID : 12352 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser little endian object... RuleID : 12351 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser attempt RuleID : 12350 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT v4 trend-serverprotect _SetSvcImpersonateUser attempt RuleID : 12349 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser little endian attempt RuleID : 12348 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt RuleID : 12347 - Revision : 15 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 object call attempt RuleID : 12346 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 little endian object ca... RuleID : 12345 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT v4 trend-serverprotect Trent_req_num_a0030 little endian attempt RuleID : 12344 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 attempt RuleID : 12343 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT v4 trend-serverprotect Trent_req_num_a0030 attempt RuleID : 12342 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt RuleID : 12341 - Revision : 12 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect Trent_req_num_30010 little endian object ca... RuleID : 12340 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect Trent_req_num_30010 object call overflow at... RuleID : 12339 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT v4 trend-serverprotect Trent_req_num_30010 little endian overfl... RuleID : 12338 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect Trent_req_num_30010 little endian overflow ... RuleID : 12337 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect Trent_req_num_30010 overflow attempt RuleID : 12336 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt RuleID : 12335 - Revision : 15 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect _TakeActionOnAFile object call attempt RuleID : 12334 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect _TakeActionOnAFile little endian object cal... RuleID : 12333 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt RuleID : 12332 - Revision : 12 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT v4 trend-serverprotect _TakeActionOnAFile little endian attempt RuleID : 12331 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect _TakeActionOnAFile little endian attempt RuleID : 12330 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT v4 trend-serverprotect _TakeActionOnAFile attempt RuleID : 12329 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect _AddTaskExportLogItem object call attempt RuleID : 12328 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect _AddTaskExportLogItem little endian object ... RuleID : 12327 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt RuleID : 12326 - Revision : 15 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT v4 trend-serverprotect _AddTaskExportLogItem little endian attempt RuleID : 12325 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect _AddTaskExportLogItem little endian attempt RuleID : 12324 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT v4 trend-serverprotect _AddTaskExportLogItem attempt RuleID : 12323 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc little end... RuleID : 12322 - Revision : 7 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc object cal... RuleID : 12321 - Revision : 7 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP v4 trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt RuleID : 12320 - Revision : 7 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc little end... RuleID : 12319 - Revision : 7 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP v4 trend-serverprotect-earthagent RPCFN_CopyAUSrc little ... RuleID : 12318 - Revision : 7 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt RuleID : 12317 - Revision : 19 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig little endian object ... RuleID : 12312 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig object call attempt RuleID : 12311 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig little endian attempt RuleID : 12310 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig attempt RuleID : 12309 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC DIRECT v4 trend-serverprotect _SetPagerNotifyConfig attempt RuleID : 12308 - Revision : 6 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt RuleID : 12307 - Revision : 15 - Type : NETBIOS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-08-22 | Name : It is possible to execute code on the remote host through the AntiVirus Agent. File : trendmicro_serverprotect_multiple2.nasl - Type : ACT_GATHER_INFO |