Trend Micro Assorted Vulnerabilities Rev 2.0 01/14/03 Information _____________________________________ I have had these sitting around for about a year and just said "fawk it" and am giving 'em to the community to sort through before they start growing edible fungi. Not even sure if they work on newer versions of Trend software, too busy with other matters and projects, but I'm thinking they just might. Some may just be poor configuration and installation practices by the user, who knows. No real magical bullet buffer overflows here, just some weird web app practices. Most can be access controlled or given stricter permissions at the OS level. All of these "vulns", per say, can be accessed publicly on servers with poor border controls. Fire up a friendly Google session and see! Despite these oddities, in my opinion, Trend still excels over others in it's capabilities and integration into a corp network. Well, enjoy, discuss, criticize, elaborate, manipulate, evaluate, but please don't devastate. Rodney Boron -Don't underestimate the subtlety of letting others think they know more than you. Rod_Boron-AT-Yahoo.com *******Trend Officescan password change/bypass******* http://x.x.x.x/officescan/cgi/cgiMasterPwd.exe Allows you to skip the default /officescan/cgi/cgiChkMasterPwd.exe and create your own password to login with. Full access to the web based Officescan management page now granted. Hell, you can access all the nice .exe's in the /cgi. This is easily cured by correcting permissions and access to the folder. *******Trend Micro TVCS IIS Dos******* http://x.x.x.x/tvcs/activesupport.exe 10 requests for this .exe will cause 10 instances of ActiveSupport.exe to be started. Each consuming 2.5 M's of memory and causing a Dos effect on IIS lasting for up to 5 minutes till each instance of the .exe timesout. *******Trend Scanmail Password Bypass******* http://x.x.x.x:16372/smg_Smxcfg30.exe?vcc=3560121183d3 Some magical backdoor Trend installed to bypass authentication into their web management page for Scanmail for Exchange. Does it work on other Scanmail versions? *******Trend Micro TVCS Log Collector******* This one gives up the farm and the rooster's eggs. huh? http://x.x.x.x/tvcs/getservers.exe?action=selects1 Follow the steps 2-4 and download a very well endowed zip file. Within holds the kings jewels. Trivial encrytion protects both the TVCS password and the service user account and password. Bet lazy admins are running Trend as administrator. Some other enumeration goodies in there to tickle one's imagination. .................................................... Where "x.x.x.x" is equivalent to: -----------== Vin Diesel ==------------- in "The Fast, the Furious, and the Fortran" __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
This archive was generated by hypermail 2b30 : Tue Jan 21 2003 - 15:14:57 PST