[SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability

From: snsadvat_private
Date: Fri Aug 24 2001 - 02:55:39 PDT

Next message: Philip Rowlands: "Re: Respondus v1.1.2 stores passwords using weak encryption"

Previous message: Valentin Butanescu: "Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----------------------------------------------------------------------
SNS Advisory No.40
TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability

Problem first discovered: 21 Aug 2001
Published: Fri, 24 Aug 2001
----------------------------------------------------------------------

Overview
--------
Trend Micro OfficeScan Corp Edition ver.3.54 contains a vulnerability which allows attackers to read arbitrary files with IUSER privilege.


Problem Description 
-------------------
Trend Micro OfficeScan Corp Edition is an antivirus software for enterprise use. It provides central virus reporting, automatic virus pattern updates, and Web-based remote management console. A vulnerability lies in cgiWebupdate.exe, which is one of cgi programs and is used for remote management. This problem can allow remote users to read arbitrary files with IUSER privilege. 


Tested Version 
--------------
Trend Micro OfficeScan Corp Edition Version 3.54

Tested OS
---------
Windows 2000 Server

Patch Information
-----------------
The same vulnerability exists in the Japanese version.There is a Japanese version of a patch for this vulnerability , which can be applied to any other version.The patch is available from the following site:

 http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionId=3086

Discovered by:
--------------
Nobuo Miwa (LAC / n-miwaat_private)

Disclaimer:
-----------
All information in these advisories are subject to change without any 
advanced notices neither mutual consensus, and each of them is released
as it is. LAC Co., Ltd. is not responsible for any risks of occurrences
caused by applying those information.

References
----------
Archive of this advisory(in preparation now):
	http://www.lac.co.jp/security/english/snsadv_e/40_e.html

------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadvat_private>
Computer Security Laboratory, LAC  http://www.lac.co.jp/security/

Next message: Philip Rowlands: "Re: Respondus v1.1.2 stores passwords using weak encryption"
Previous message: Valentin Butanescu: "Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Aug 24 2001 - 09:12:59 PDT