RE: Assorted Trend Vulns Rev 2.0

From: herbert tenhagen (herbert.tenhagen@trendmicro.de)
Date: 01/22/03

    Date: Wed, 22 Jan 2003 14:41:02 +0100
    From: herbert tenhagen <herbert.tenhagen@trendmicro.de>
    To: rod_boron@yahoo.com, vuln-dev@securityfocus.com
    
    

    Rob:

    > *******Trend Officescan password change/bypass*******
    Trend Micro developed an administration tool called "CGI_NTFS". This tool
    is part of the toolbox which gets installed by default during the
    OfficeScan installation. Since Officescan Version 5.02 this toolbox is
    also available via the administration web interface. For deeper detailed
    information please look into solution id#13353 in the solutionbank of
    Trend Micro
    (http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353).

    > *******Trend Scanmail Password Bypass*******
    Trend Micro is aware of this vulnerability and provides workarounds and
    fixes at:
    http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13352

    ScanMail for Exchange v3.81 (for Microsoft Exchange Server 5.5) and
    ScanMail for Exchange v6.1 (for Microsoft Exchange Server 2000) are not
    affected by this vulnerability.

    > *******Trend Micro TVCS IIS Dos*******
    > *******Trend Micro TVCS Log Collector*******
    TVCS has been replaced by TMCM (Trend Micro Control Manager). This
    product is not affected.

    see also:
    http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html

    regards
            Herbert Tenhagen

    ps: your mail was queued for 7 days at securityfocus before it was
    announced at vuln-dev. That's the reason for the delayed answer.

    ...
    Received: from outgoing3.securityfocus.com (outgoing3.securityfocus.com
    [205.206.231.27])
            by mail.client.tld (8.12.7/8.12.7) with ESMTP id h0KJTRlY552375
            for <vuln-dev@client.tld>; Wed, 22 Jan 2003 00:15:36 +0100
    Received: from lists.securityfocus.com (lists.securityfocus.com
    [205.206.231.19])
            by outgoing3.securityfocus.com (Postfix) with QMQP
            id 3DD41A5192; Fri, 17 Jan 2003 13:15:15 -0700 (MST)
    ...
    Received: (qmail 27418 invoked from network); 15 Jan 2003 01:13:16 -0000
    ...
    Date: Tue, 14 Jan 2003 17:44:20 -0800 (PST)
    From: Rod Boron <rod_boron@yahoo.com>
    Subject: Assorted Trend Vulns Rev 2.0
    To: vuln-dev@securityfocus.com
    ...

    -----Original Message-----
    From: Rod Boron [mailto:rod_boron@yahoo.com]
    Sent: Mittwoch, 15. Januar 2003 02:44
    To: vuln-dev@securityfocus.com
    Subject: Assorted Trend Vulns Rev 2.0

    Trend Micro Assorted Vulnerabilities
    Rev 2.0 01/14/03

    Information
    _____________________________________

    I have had these sitting around for about a year
    and just said "fawk it" and am giving 'em to the
    community to sort through before they start growing
    edible fungi. Not even sure if they work on newer
    versions of Trend software, too busy with other
    matters and projects, but I'm thinking they just
    might. Some may just be poor configuration and
    installation practices by the user, who knows. No
    real magical bullet buffer overflows here, just some
    weird web app practices. Most can be access
    controlled or given stricter permissions at the OS
    level.

    All of these "vulns", per se, can be accessed
    publicly on servers with poor border controls. Fire
    up a friendly Google session and see!

    Despite these oddities, in my opinion, Trend still
    excels over others in its capabilities and
    integration into a corp network.

    Well, enjoy, discuss, criticize, elaborate,
    manipulate, evaluate, but please don't devastate.

    Rodney Boron
    -Don't underestimate the subtlety of letting others
    think they know more than you.

    Rod_Boron-AT-Yahoo.com

    *******Trend Officescan password change/bypass*******

    http://x.x.x.x/officescan/cgi/cgiMasterPwd.exe

    Allows you to skip the default
    /officescan/cgi/cgiChkMasterPwd.exe and create your
    own password to login with. Full access to the web
    based Officescan management page now granted. Hell,
    you can access all the nice .exe's in the /cgi. This
    is easily cured by correcting permissions and access
    to the folder.

    *******Trend Micro TVCS IIS Dos*******

    http://x.x.x.x/tvcs/activesupport.exe

    10 requests for this .exe will cause 10 instances of
    ActiveSupport.exe to be started. Each consuming 2.5
    M's of memory and causing a Dos effect on IIS lasting
    for up to 5 minutes till each instance of the .exe
    times out.

    *******Trend Scanmail Password Bypass*******

    http://x.x.x.x:16372/smg_Smxcfg30.exe?vcc=3560121183d3

    Some magical backdoor Trend installed to bypass
    authentication into their web management page for
    Scanmail for Exchange. Does it work on other Scanmail
    versions?

    *******Trend Micro TVCS Log Collector*******

    This one gives up the farm and the rooster's eggs.
    huh?

    http://x.x.x.x/tvcs/getservers.exe?action=selects1

    Follow the steps 2-4 and download a very well endowed
    zip file. Within holds the king's jewels. Trivial
    encryption protects both the TVCS password and the
    service user account and password. Bet lazy admins
    are running Trend as administrator. Some other
    enumeration goodies in there to tickle one's
    imagination.

    ....................................................

    Where "x.x.x.x" is equivalent to:

    -----------== Vin Diesel ==-------------
                      in
    "The Fast, the Furious, and the Fortran"

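For administrators checking whether the OfficeScan and TVCS CGI paths named in this thread are being reached from outside the management network, a log review can look like the following. This is an added example, not part of either message and not Trend Micro code; it assumes the web server writes W3C extended logs with a `#Fields:` header, and the management subnet, rule names and sample log lines are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Paths quoted in the message, lower-cased for case-insensitive matching.
ADMIN_CGIS = {"/officescan/cgi/cgimasterpwd.exe", "/tvcs/getservers.exe"}
BURST_PATH = "/tvcs/activesupport.exe"
BURST_COUNT = 10                     # message: 10 requests start 10 instances
BURST_WINDOW = timedelta(minutes=5)  # message: each instance lasts up to 5 minutes
ADMIN_NETS = [ip_network("10.0.0.0/24")]  # assumption: management subnet

# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2003-01-15 09:00:00 10.0.0.5 GET /officescan/cgi/cgiMasterPwd.exe - 200",
    "2003-01-15 09:01:00 192.0.2.7 GET /officescan/cgi/cgiMasterPwd.exe - 200",
    "2003-01-15 09:02:00 192.0.2.7 GET /tvcs/getservers.exe action=selects1 200",
] + [f"2003-01-15 09:10:{s:02d} 198.51.100.9 GET /tvcs/activesupport.exe - 200"
     for s in range(10)]


def scan(lines, admin_nets=ADMIN_NETS):
    """Return (rule, client_ip, path) findings from W3C extended log lines."""
    fields, findings, recent = [], [], defaultdict(list)
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order is declared by the log itself
            continue
        if line.startswith("#") or not line.strip():
            continue
        rec = dict(zip(fields, line.split()))
        if not rec.keys() >= {"date", "time", "c-ip", "cs-uri-stem"}:
            continue                    # skip lines we cannot interpret
        path, ip = rec["cs-uri-stem"].lower(), rec["c-ip"]
        when = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
        if path in ADMIN_CGIS:
            if not any(ip_address(ip) in net for net in admin_nets):
                findings.append(("admin-cgi-from-outside", ip, path))
        elif path == BURST_PATH:
            # Sliding window per client; alert once when the threshold is reached.
            recent[ip] = [t for t in recent[ip] if when - t <= BURST_WINDOW] + [when]
            if len(recent[ip]) == BURST_COUNT:
                findings.append(("activesupport-burst", ip, path))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

The burst rule counts per client address; summing across all clients is the stricter variant when the concern is total ActiveSupport.exe instances on the server.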


