[NT] Trend Micro InterScan eManager for NT Multiple Buffer Overflow Vulnerabilities
From: support@securiteam.comDate: 09/20/01
- Previous message: support@securiteam.com: "[NEWS] Mailto Links Pose a Security Threat"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Subject: [NT] Trend Micro InterScan eManager for NT Multiple Buffer Overflow Vulnerabilities Message-Id: <20010920141347.A6D08138C1@mail.der-keiler.de> Date: Thu, 20 Sep 2001 16:13:47 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Trend Micro InterScan eManager for NT Multiple Buffer Overflow
Vulnerabilities
------------------------------------------------------------------------
SUMMARY
Trend Micro InterScan eManager for NT suffers from a buffer overflow
vulnerability. The vulnerability allows an attacker to remotely execute
arbitrary code with the security privileges of the SYSTEM context.
DETAILS
Vulnerable systems:
InterScan eManager for NT version 3.51
InterScan eManager for NT version 3.51J
InterScan eManager is a plug-in software for InterScan VirusWall. The
product provides SPAM filtering, content filtering, and a Web-based
management console. Some CGI programs, which are used by this Web-based
management console, have been found to contain buffer overflow
vulnerabilities. This allows an attacker to remotely execute arbitrary
codes with the security privileges of the SYSTEM context.
Exploitable CGI programs:
/eManager/cgi-bin/register.dll
/eManager/Content%20Management/ContentFilter.dll
/eManager/Content%20Management/SFNofitication.dll
/eManager/Email%20Management/cgi-bin/register.dll
/eManager/Email%20Management/cgi-bin/TOP10.dll
/eManager/Email%20Management/cgi-bin/SpamExcp.dll
/eManager/Email%20Management/cgi-bin/spamrule.dll
Patch information:
A patch that can fix these issues is available at:
<http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=3142>
http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=3142
Workarounds:
Workarounds listed below will minimize the vulnerability.
1. If Web-based console is not necessary, remove /eManager virtual
directory with the use of Internet Service Manager.
2. Enable NTLM authentication with the use of Internet Service Manager. It
will provide restrict access to Web-based console.
3. Restrict untrustworthy host's access to Web-based console with the use
of Firewall, and so on.
ADDITIONAL INFORMATION
The information has been provided by <mailto:y.arai@lac.co.jp> ARAI Yuu
(LAC).
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NEWS] Mailto Links Pose a Security Threat"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
