Thursday, November 13, 2008 6:00 PM cmosby

Trend Micro ServerProtect Multiple Vulnerabilities - Secunia

 
Secunia Advisory: SA32618
Release Date: 2008-11-12
Last Update: 2008-11-13

Critical: Moderately critical
Impact: DoS, System access
Where: From local network
Solution Status: Unpatched

Software:
Trend Micro ServerProtect for EMC Celerra 5.x
Trend Micro ServerProtect for Network Appliance Filer 5.x
Trend Micro ServerProtect for Windows/NetWare 5.x


CVE reference:
CVE-2006-5268
CVE-2006-5269
CVE-2007-0072
CVE-2007-0073
CVE-2007-0074
CVE-2008-0012
CVE-2008-0013
CVE-2008-0014


Description:
Some vulnerabilities have been reported in Trend Micro ServerProtect, which potentially can be exploited by malicious people to compromise a vulnerable system.

1) An error in the RPC authentication process can be exploited to gain administrative access to the RPC interface.

2) Multiple errors in the implementation of unspecified RPC procedures can be exploited to cause heap-based buffer overflows.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in versions 5.7 and 5.58. Other versions may also be affected.

Solution:
Restrict network access to the product.

Provided and/or discovered by:
1) David Dewey of ISS X-Force
2) David Dewey and Chris Valasek of ISS X-Force

Changelog:
2008-11-13: Added link to US-CERT.

Original Advisory:
ISS X-Force:
http://www.iss.net/threats/307.html
http://www.iss.net/threats/308.html
http://www.iss.net/threats/309.html
http://www.iss.net/threats/310.html

Other References:
US-CERT VU#768681:
http://www.kb.cert.org/vuls/id/768681