Executive Summary
Summary | |
---|---|
Title | Trend Micro ServerProtect contains multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | VU#768681 | First vendor Publication | 2008-11-13 |
Vendor | VU-CERT | Last vendor Modification | 2008-11-25 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#768681Trend Micro ServerProtect contains multiple vulnerabilitiesOverviewTrend Micro ServerProtect contains multiple vulnerabilities. The most severe of these vulnerabilities may allow an attacker to execute commands, view sensitive data, or cause a system to crash.I. DescriptionTrend Micro ServerProtect is designed to detect and remove viruses from files. ServerProtect contains vulnerabilities, including multiple heap overflows. For more information on these issues see:
Note that these issues affect Trend Micro ServerProtect versions 5.58 and 5.7. II. ImpactA remote, unauthenticated attacker may be able to gain access with the privileges of the ServerProtect account or an administrator account and execute arbitrary commands, view log files or other sensitive data, or cause a vulnerable system to crash.III. SolutionWe are currently unaware of a complete solution to this problem. According to IBM X-Force:A patch released in May 2008 somewhat mitigates access to this vulnerability. However, the vulnerability is still resident and easily accessible.
References
This vulnerability was reported by David Dewey and Chris Valasek of IBM X-Force. This document was written by Chris Taschner.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/768681 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
88 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50118 | Trend Micro ServerProtect Unspecified Procedure Remote Overflow (2008-0014) |
50117 | Trend Micro ServerProtect Unspecified Procedure Remote Overflow (2008-0013) |
50116 | Trend Micro ServerProtect Unspecified Procedure Remote Overflow (2008-0012) |
50115 | Trend Micro ServerProtect Unspecified Procedure Remote Overflow (2008-0074) |
50114 | Trend Micro ServerProtect Unspecified Procedure Remote Overflow (2008-0073) |
50113 | Trend Micro ServerProtect Unspecified Procedure Remote Overflow (2008-0072) |
50112 | Trend Micro ServerProtect Unspecified Procedure Remote Overflow (2006-5269) |
50111 | Trend Micro ServerProtect RPC Interface Unspecified Administrative Access |