[SNS Advisory No.29] Trend Micro Virus Control System(VCS) Unauthenticated CGI Usage Vulnerability

From: snsadvat_private
Date: Thu Jun 07 2001 - 19:43:32 PDT

Next message: Victor A. Rodriguez: "Re: security bug Internet Explorer 5"

Previous message: zen-parseat_private: "potential buffer overflow in xinetd-2.1.8.9pre11-1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

SNS Advisory No.29
Trend Micro Virus Control System(VCS) Unauthenticated CGI Usage 
Vulnerability

Problem first discovered: 25 May 2001
Published: 7 Jun 2001 
Last Updated: 7 Jun 2001 
----------------------------------------------------------------------

Overview
--------
The vulnerability was found in a CGI program included in TrendMicro 
Virus Control System(VCS). It may be possible for a remote user to
access administrative program and data without authentication.

Problem
-------

VCS is a software package designed to operate and manage anti virus
product included in gateways, file servers, groupwares and clients.

In order to manage VCS, an administrator accesses with following URL.

http://VCSServer/tvcs/EnterPassword.html

Password for its administrator is required then normally. By calling 
a certain CGI program with unusual way, it is possible to change its
configuration and view configuration files.

Details can not be disclosed now because it has not been fixed yet
and it will not be fixed immediately.

Tested Version
--------------
  Virus Control System(VCS) Ver.1.8 Japanese
  Virus Control System(VCS) Ver.1.8 English

Tested OS
---------
  Windows 2000 Server Japanese
  Windows 2000 Server English

Patch Information
-----------------
No patches are available now.
Trend Micro support team responded that this problem will be fixed end 
of this year.

Until the patch will be released, set up access control to refuse access
to servers in which VCS is installed by non-administrative user.

Discovered by
-------------
	MIWA Nobuo (LAC / n-miwaat_private)

Disclaimer
-----------
All information in this advisories are subject to change without any 
advanced notices neither mutual consensus, and each of them is released
as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
caused by applying those information.

References
----------
Archive of this advisory:
	http://www.lac.co.jp/security/english/snsadv_e/29_e.html

SNS Advisory:
	http://www.lac.co.jp/security/english/snsadv_e/

LAC:
	http://www.lac.co.jp/security/english/

------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadvat_private>
Computer Security Laboratory, LAC  http://www.lac.co.jp/security/

Next message: Victor A. Rodriguez: "Re: security bug Internet Explorer 5"
Previous message: zen-parseat_private: "potential buffer overflow in xinetd-2.1.8.9pre11-1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 08 2001 - 08:46:44 PDT