[SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote File Disclosure With IUSER Privilege Vulnerability

From: snsadvat_private
Date: Tue Aug 21 2001 - 13:09:07 PDT

    ----------------------------------------------------------------------
    SNS Advisory No.38
    Trend Micro Virus Buster (Ver.3.5x) Remote File Disclosure With IUSER
    Privilege Vulnerability
    
    Problem first discovered: Wed, 18 Jul 2001
    Published: Mon, 20 Aug 2001
    ----------------------------------------------------------------------
    
    Overview:
    ---------
    Trend Micro Virus Buster (a.k.a. Officescan Corporate Edition) contains
    a vulnerability which allows an attacker to read arbitrary files with
    IUSER privilege.
    
    Problem Description:
    --------------------
    Trend Micro Virus Buster is antivirus software for enterprise use.
    It provides central virus reporting, automatic virus pattern updates,
    and a Web-based remote management console. A vulnerability lies in
    cgiWebupdate.exe, one of the CGI programs used for remote
    management. This problem can allow remote users to read arbitrary
    files with IUSER privilege.
    "Virus Buster Corporate Edition" is provided only as a Japanese
    version; the English version is known as "Officescan Corporate
    Edition". We are still working with Trend Micro on this problem in
    "Officescan Corporate Edition" and will publish that issue as soon as
    possible.
    
    Tested Version:
    ---------------
    Trend Micro Virus Buster Corporate Edition Version 3.52
    Trend Micro Virus Buster Corporate Edition Version 3.53
    Trend Micro Virus Buster Corporate Edition Version 3.54
    
    Tested OS:
    ----------
    Windows 2000 Server [Japanese]
    
    Patch Information:
    ------------------
    The patch is available from the following site:
    
    http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionId=3086
    
    Discovered by:
    --------------
    Nobuo Miwa (LAC / n-miwaat_private)
    
    Disclaimer:
    -----------
    All information in these advisories is subject to change without
    advance notice or mutual consensus, and each advisory is released
    as is. LAC Co., Ltd. is not responsible for any risks arising from
    applying this information.
    
    References
    ----------
    Archive of this advisory (in preparation now):
        http://www.lac.co.jp/security/english/snsadv_e/38_e.html
    
    ------------------------------------------------------------------
    Secure Net Service(SNS) Security Advisory <snsadvat_private>
    Computer Security Laboratory, LAC  http://www.lac.co.jp/security/
    


