[NT] Trend Micro Products Web Management Authentication Bypass



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Trend Micro Products Web Management Authentication Bypass
------------------------------------------------------------------------


SUMMARY

"Protect your desktops, laptops, and file servers with
<http://us.trendmicro.com/us/products/enterprise/officescan-client-server-edition/> OfficeScan, comprehensive security against today's complex, blended threats and Web-based attacks." Secunia Research has discovered a vulnerability in certain Trend Micro products, which can be exploited by malicious people to bypass authentication.

DETAILS

Vulnerable Systems:
* Trend Micro OfficeScan version 7.0
* Trend Micro OfficeScan version 7.3
* Trend Micro OfficeScan version 8.0
* Worry-Free Business Security version 5.0
* Trend Micro Client/Server/Messaging Suite version 3.5
* Trend Micro Client/Server/Messaging Suite version 3.6

The vulnerability is caused by insufficient entropy being used to create a
random session token for identifying an authenticated manager using the
web management console. The entropy in the session token comes solely from
the system time when the real manager logs in with a granularity of one
second. This can be exploited to impersonate a currently logged on manager
by brute forcing the authentication token.

Successful exploitation further allows execution of arbitrary code via
manipulation of the configuration.

Solution:
The vendor has issued patches for Trend Micro OfficeScan 8.0 and
Worry-Free Business Security 5.0.

Fixes for other affected versions should be available shortly.

Time Table:
12/08/2008 - Vendor notified.
12/08/2008 - Vendor response.
16/08/2008 - Vendor provides status update.
22/08/2008 - Vendor issues patches for some of the affected products.
22/08/2008 - Public disclosure.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2433>
CVE-2008-2433


ADDITIONAL INFORMATION

The information has been provided by Secunia Research.
The original article can be found at:
<http://secunia.com/secunia_research/2008-31/>
http://secunia.com/secunia_research/2008-31/



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages

  • Re: XP Pro Security Center Started & Stopped
    ... it registers in the Microsoft security ... I have never seen a conflict between Trend ... Trend Micro Internet Security for viruses. ...
    (microsoft.public.windowsxp.general)
  • [NT] Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability
    ... Get your security news from a reliable source. ... Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability ... The Trend ServerProtect service handles RPC requests on TCP ...
    (Securiteam)
  • Re: WindowsXP Security senter and Trend Micro
    ... Check with Trend Micro, they need to add the necessary files so their ... > I have just installed Trend Micro PC-Cillin Internet Security 14. ... > problem is that Windows Security Center pops up with an alert that ... > indicates that Firewall and Virus protection is turned off. ...
    (microsoft.public.windowsxp.basics)
  • [NT] Trend Micro PC-Cillin Internet Security Insecure File Permission
    ... Get your security news from a reliable source. ... Trend Micro PC-Cillin Internet Security Insecure File Permission ... settings that are applied during installation. ... installs an affected Trend Micro product, ...
    (Securiteam)
  • [NEWS] Wonderware SuiteLink Denial of Service Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Vendor Information, Solutions and Workarounds ... Core sends the advisory draft to Wonderware support team. ...
    (Securiteam)