[NT] TrendMicro OfficeScan Corp Edition Remote File Reading Vulnerability

From: support@securiteam.com
Date: 08/29/01


From: support@securiteam.com
To: list@securiteam.com
Subject: [NT] TrendMicro OfficeScan Corp Edition Remote File Reading Vulnerability
Message-Id: <20010829150853.15A6B138BF@mail.der-keiler.de>
Date: Wed, 29 Aug 2001 17:08:53 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  TrendMicro OfficeScan Corp Edition Remote File Reading Vulnerability
------------------------------------------------------------------------

SUMMARY

Trend Micro OfficeScan Corp Edition contains a vulnerability that allows
attackers to read arbitrary files that are allowed for reading by the user
'IUSER'.

DETAILS

Vulnerable systems:
Trend Micro OfficeScan Corp Edition version 3.54

Trend Micro OfficeScan Corp Edition is an antivirus software for
enterprises. It provides central virus reporting, automatic virus pattern
updates, and Web-based remote management console. A vulnerability in the
cgiWebupdate.exe, which is one of the CGI programs that is used for remote
management, allows remote users to read arbitrary files with IUSER
privileges.

Patch information:
The same vulnerability exists in the Japanese edition of the program. This
is a Japanese version of the patch but it can be applied to any other
version (language). The patch is available from the following site:

  
<http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionId=3086>
http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionId=3086

ADDITIONAL INFORMATION

The information has been provided by <mailto:n-miwa@lac.co.jp> Nobuo Miwa
LAC.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages

  • SecurityFocus Microsoft Newsletter #182
    ... Introducing the world's first and only complete Internal Security Gateway: ... Microsoft Windows XP Explorer.EXE Remote Denial of Service V... ... Apache Error Log Escape Sequence Injection Vulnerability ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #131
    ... MICROSOFT VULNERABILITY SUMMARY ... Advanced Poll Remote Information Disclosure Vulnerability ... PHPNuke News Module Article.PHP SQL Injection Vulnerability ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #171
    ... Better Management for Network Security ... GoodTech Telnet Server Remote Denial Of Service Vulnerabilit... ... ASPApp PortalAPP Remote User Database Access Vulnerability ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #237
    ... MICROSOFT VULNERABILITY SUMMARY ... JPortal Banner.PHP SQL Injection Vulnerability ... Microsoft Windows Kernel Object Management Denial Of Service... ... Microsoft Windows Message Queuing Remote Buffer Overflow Vul... ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #211
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows Kernel Local Denial of Service Vulnerabili... ... OCPortal Content Management System Remote File Include Vulne... ...
    (Focus-Microsoft)