Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title : Trend Micro ServerProtect Integer Overflow Vulnerability
Information
Name : VU#959400
First vendor Publication : 2007-08-23
Vendor : VU-CERT
Last vendor Modification : 2007-08-23
Severity (Vendor) : N/A
Revision : M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 10
Attack Range : Network
Cvss Impact Score : 10
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

Vulnerability Note VU#959400

Trend Micro ServerProtect Integer Overflow Vulnerability

Overview

Trend Micro ServerProtect contains an integer overflow vulnerability that may allow a remote attacker to execute arbitrary code.

I. Description

Trend Micro ServerProtect is an anti-virus application designed to run on Microsoft Windows servers. The application provides administrators with centralized management of multiple servers. The ServerProtect architecture includes a management console, information server, and the server which has ServerProtect installed.

The ServerProtect executable that runs on the server being protected by the anti-virus engine is called SpntSvc.exe. This executable uses the StRpcSrv.dll library to handle RPC requests on 5168/tcp.

The ServerProtect component contains an integer overflow vulnerability within the RPC function RPCFN_SYNC_TASK. A remote, unauthenticated attacker may be able to trigger the overflow by sending a malformed RPC request to a vulnerable system.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.

III. Solution

Update

Trend Micro has addressed this vulnerability in Security Patch 4 - Build 1185.

Restrict Access

Restricting network access to 5168/tcp to trusted hosts may mitigate this vulnerability.

Systems Affected

Vendor : Trend Micro
Status : Vulnerable
Date Updated : 23-Aug-2007

References


http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=588
http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt
http://secunia.com/advisories/26523/

Credit

This vulnerability was discovered by Jun Mao (iDefense Labs).

This document was written by Joseph Pruszynski.

Other Information

Date Public : 08/21/2007
Date First Published : 08/23/2007 01:14:50 PM
Date Last Updated : 08/23/2007
CERT Advisory :
CVE Name : CVE-2007-4219
Metric : 5.57
Document Revision : 26

Original Source

Url : http://www.kb.cert.org/vuls/id/959400

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
39751 Trend Micro ServerProtect for Windows (SpntSvc.exe) StRpcSrv.dll Multiple Fun...

Information Assurance Vulnerability Management (IAVM)

Date Description
2007-08-24 IAVM : 2007-T-0035 - Trend Micro ServerProtect Multiple Remote Code Execution Vulnerabilities
Severity : Category I - VMSKEY : V0014876

Nessus® Vulnerability Scanner

Date Description
2007-08-22 Name : It is possible to execute code on the remote host through the AntiVirus Agent.
File : trendmicro_serverprotect_multiple2.nasl - Type : ACT_GATHER_INFO