Executive Summary

Summary
Title Trend Micro ServerProtect contains multiple vulnerabilities
Informations
Name VU#768681 First vendor Publication 2008-11-13
Vendor VU-CERT Last vendor Modification 2008-11-25
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#768681

Trend Micro ServerProtect contains multiple vulnerabilities

Overview

Trend Micro ServerProtect contains multiple vulnerabilities. The most severe of these vulnerabilities may allow an attacker to execute commands, view sensitive data, or cause a system to crash.

I. Description

Trend Micro ServerProtect is designed to detect and remove viruses from files. ServerProtect contains vulnerabilities, including multiple heap overflows. For more information on these issues see:
Note that these issues affect Trend Micro ServerProtect versions 5.58 and 5.7.

II. Impact

A remote, unauthenticated attacker may be able to gain access with the privileges of the ServerProtect account or an administrator account and execute arbitrary commands, view log files or other sensitive data, or cause a vulnerable system to crash.

III. Solution

We are currently unaware of a complete solution to this problem. According to IBM X-Force:

A patch released in May 2008 somewhat mitigates access to this vulnerability. However, the vulnerability is still resident and easily accessible.

Systems Affected

VendorStatusDate NotifiedDate Updated
Trend MicroVulnerable2008-08-082008-11-13

References


http://www.iss.net/threats/307.html
http://www.iss.net/threats/308.html
http://www.iss.net/threats/309.html
http://www.iss.net/threats/310.html
http://www.trendmicro.com/download/product.asp?productid=17
http://blogs.iss.net/archive/trend.html

Credit

This vulnerability was reported by David Dewey and Chris Valasek of IBM X-Force.

This document was written by Chris Taschner.

Other Information

Date Public:2008-11-11
Date First Published:2008-11-13
Date Last Updated:2008-11-25
CERT Advisory: 
CVE-ID(s):CVE-2006-5268; CVE-2006-5269; CVE-2007-0072; CVE-2007-0073; CVE-2007-0074; CVE-2008-0012; CVE-2008-0013; CVE-2008-0014
NVD-ID(s):CVE-2006-5268CVE-2006-5269CVE-2007-0072CVE-2007-0073CVE-2007-0074CVE-2008-0012CVE-2008-0013CVE-2008-0014
US-CERT Technical Alerts: 
Metric:17.46
Document Revision:17

Original Source

Url : http://www.kb.cert.org/vuls/id/768681

CWE : Common Weakness Enumeration

% Id Name
88 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12 % CWE-287 Improper Authentication

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2

Open Source Vulnerability Database (OSVDB)

Id Description
50118 Trend Micro ServerProtect Unspecified Procedure Remote Overflow (2008-0014)
50117 Trend Micro ServerProtect Unspecified Procedure Remote Overflow (2008-0013)
50116 Trend Micro ServerProtect Unspecified Procedure Remote Overflow (2008-0012)
50115 Trend Micro ServerProtect Unspecified Procedure Remote Overflow (2008-0074)
50114 Trend Micro ServerProtect Unspecified Procedure Remote Overflow (2008-0073)
50113 Trend Micro ServerProtect Unspecified Procedure Remote Overflow (2008-0072)
50112 Trend Micro ServerProtect Unspecified Procedure Remote Overflow (2006-5269)
50111 Trend Micro ServerProtect RPC Interface Unspecified Administrative Access