[NT] Trend Micro Products Web Management Authentication Bypass



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Trend Micro Products Web Management Authentication Bypass
------------------------------------------------------------------------


SUMMARY

"Protect your desktops, laptops, and file servers with
<http://us.trendmicro.com/us/products/enterprise/officescan-client-server-edition/> OfficeScan, comprehensive security against today's complex, blended threats and Web-based attacks." Secunia Research has discovered a vulnerability in certain Trend Micro products, which can be exploited by malicious people to bypass authentication.

DETAILS

Vulnerable Systems:
* Trend Micro OfficeScan version 7.0
* Trend Micro OfficeScan version 7.3
* Trend Micro OfficeScan version 8.0
* Worry-Free Business Security version 5.0
* Trend Micro Client/Server/Messaging Suite version 3.5
* Trend Micro Client/Server/Messaging Suite version 3.6

The vulnerability is caused by insufficient entropy being used to create a
random session token for identifying an authenticated manager using the
web management console. The entropy in the session token comes solely from
the system time when the real manager logs in with a granularity of one
second. This can be exploited to impersonate a currently logged on manager
by brute forcing the authentication token.

Successful exploitation further allows execution of arbitrary code via
manipulation of the configuration.

Solution:
The vendor has issued patches for Trend Micro OfficeScan 8.0 and
Worry-Free Business Security 5.0.

Fixes for other affected versions should be available shortly.

Time Table:
12/08/2008 - Vendor notified.
12/08/2008 - Vendor response.
16/08/2008 - Vendor provides status update.
22/08/2008 - Vendor issues patches for some of the affected products.
22/08/2008 - Public disclosure.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2433>
CVE-2008-2433


ADDITIONAL INFORMATION

The information has been provided by Secunia Research.
The original article can be found at:
<http://secunia.com/secunia_research/2008-31/>
http://secunia.com/secunia_research/2008-31/



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.