Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[SNS Advisory No.42] Trend Micro InterScan eManager for NT Multiple Program Buffer Overflow Vulnerability

From: "snsadv () lac co jp" <snsadv () lac co jp>
Date: Wed, 12 Sep 2001 02:01:24 -0400
----------------------------------------------------------------------
SNS Advisory No.42
Trend Micro InterScan eManager for NT Multiple Program Buffer Overflow Vulnerability

Problem first discovered: Fri, 27 Jul 2001
Published: Wed, 12 Sep 2001
----------------------------------------------------------------------

Overview:
---------
  Trend Micro InterScan eManager for NT contains buffer overflow
  vulnerability. It may allow an attacker to execute arbitrary codes
  remotely with Local System context.

Problem Description:
--------------------
  InterScan eManager is a pug-in software  for InterScan VirusWall,
  both developed by Trend Micro. It provides SPAM filtering, content
  filtering, and Web-based management console. Some CGI programs, which
  are used by this Web-based management console, contain buffer overflow
  vulnerability. It may allow an attacker to execute arbitrary codes
  remotely with Local System context. Actually, the Web-based console
  of InterScan eManager doesn't have authentication method, which is
  used for confirmation of administrator. This can lead an attacker
  to reconfigure its settings, and will cause major complications.

  Exploitable CGI programs:
  /eManager/cgi-bin/register.dll
  /eManager/Content%20Management/ContentFilter.dll
  /eManager/Content%20Management/SFNofitication.dll
  /eManager/Email%20Management/cgi-bin/register.dll
  /eManager/Email%20Management/cgi-bin/TOP10.dll
  /eManager/Email%20Management/cgi-bin/SpamExcp.dll
  /eManager/Email%20Management/cgi-bin/spamrule.dll

Tested Version:
---------------
  InterScan eManager for NT Ver.3.51
  InterScan eManager for NT Ver.3.51J

Tested OS:
----------
  Windows NT 4.0 Server + SP6a [English]
  Windows NT 4.0 Server + SP6a [Japanese]

Patch Information:
------------------
  A patch to fix this issue for InterScan eManager for NT Ver.3.51J is 
  available below URL:
  
  http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=3142

  A patch for InterScan eManager for NT Ver.3.51 is to be released.

Workarounds:
------------
  Workarounds listed below will minimize the vulnerability.

  1. If Web-based console is not necessary, remove /eManager virtual 
     directory with the use of Internet Service Manager.

  2. Enable NTLM authentication with the use of Internet Service 
     Manager. It will provide restrict access to Web-based console.

  3. Restrict untrustworthy host's access to Web-based console with
     the use of Firewall, and so on.

Discovered by:
--------------
  ARAI Yuu (LAC)  y.arai () lac co jp

Disclaimer:
-----------
  All information in these advisories are subject to change without any
  advanced notices neither mutual consensus, and each of them is released
  as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
  caused by applying those information.

References:
-----------
  Archive of this advisory:
  http://www.lac.co.jp/security/english/snsadv_e/42_e.html

------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv () lac co jp>
Computer Security Laboratory, LAC  http://www.lac.co.jp/security/
Previous By Date Next
Previous By Thread Next

Current thread: