Thursday, February 28, 2008 9:15 AM
cmosby
Trend Micro OfficeScan CGI Module and Policy Server Buffer Overflows - Advisories - Secunia
Trend Micro OfficeScan CGI Module and Policy Server Buffer Overflows
Secunia Advisory:
SA29124
Release Date:
2008-02-28
Critical:
Moderately critical
Impact:
DoS
System access
Where:
From local network
Solution Status:
Unpatched
Software:
Trend Micro OfficeScan Corporate Edition 7.x
Description:
Luigi Auriemma has discovered some vulnerabilities in Trend Micro OfficeScan, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
1) A boundary error in cgiChkMasterPwd.exe can be exploited to cause a stack-based buffer overflow via an HTTP request with a specially crafted, overly long "TMLogonEncrypted" parameter.
Successful exploitation allows execution of arbitrary code.
2) A boundary error in PolicyServer.exe can be exploited to cause a stack-based buffer overflow via an HTTP request to the cgiABLogon.exe CGI module with a specially crafted, overly long "pwd" parameter.
Successful exploitation allows execution of arbitrary code but requires that the Trend Micro Policy Server for Cisco NAC is installed.
Other errors, e.g. NULL-pointer dereference errors in certain CGI modules when handling HTTP requests containing certain characters or with invalid "Content-Length" headers, have also been reported.
The vulnerabilities are confirmed in version 7.3 with Patch 3 build 1314. Other versions may also be affected.
Solution:
Restrict network access to the services.
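Added example (not part of the Secunia advisory and not Trend Micro code): a Python check that a reverse proxy or log-review script could run over raw HTTP requests to flag the request shapes described above, namely an overly long "TMLogonEncrypted" or "pwd" parameter sent to the named CGI modules, or a non-numeric "Content-Length" header. The 256-character threshold, the name `inspect_request` and the sample requests are assumptions; the advisory does not state the buffer sizes.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumed threshold: the advisory gives no buffer sizes; tune to real traffic.
MAX_PARAM_LEN = 256
# CGI module (lower-cased file name) -> parameter named in the advisory.
WATCHED = {"cgichkmasterpwd.exe": "TMLogonEncrypted", "cgiablogon.exe": "pwd"}

def inspect_request(raw: bytes) -> list:
    """Return findings for one raw HTTP request; an empty list means clean."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return ["malformed request line"]
    target = urlsplit(parts[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    findings = []
    # Invalid Content-Length values are among the "other errors" reported.
    cl = headers.get("content-length")
    if cl is not None and not (cl.isascii() and cl.isdigit()):
        findings.append(f"invalid Content-Length {cl!r}")
    module = target.path.rsplit("/", 1)[-1].lower()
    param = WATCHED.get(module)
    if param:
        # The parameter may arrive in the query string or in a form body.
        pairs = parse_qsl(target.query, keep_blank_values=True)
        pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
        for key, value in pairs:
            if key == param and len(value) > MAX_PARAM_LEN:
                findings.append(f"{module}: {param} length {len(value)}")
    return findings

# Constructed sample requests; paths and values are made up for this demo.
SAMPLES = {
    "normal": b"POST /x/cgiChkMasterPwd.exe HTTP/1.0\r\n"
              b"Content-Length: 20\r\n\r\nTMLogonEncrypted=abc",
    "long_pwd": b"GET /x/cgiABLogon.exe?pwd=" + b"A" * 1000 + b" HTTP/1.0\r\n\r\n",
    "bad_cl": b"POST /x/cgiChkMasterPwd.exe HTTP/1.0\r\n"
              b"Content-Length: -1\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, inspect_request(request))
```

Matching is done on the CGI file name only, so the check applies whatever path the modules are published under.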
Provided and/or discovered by:
Luigi Auriemma
Original Advisory:
http://aluigi.altervista.org/adv/officescaz-adv.txt
Source: Trend Micro OfficeScan CGI Module and Policy Server Buffer Overflows - Advisories - Secunia