General discussion

VULNERABILITIES - February 25, 2005

TITLE:
Trend Micro Products AntiVirus Library Buffer Overflow

SECUNIA ADVISORY ID:
SA14396

VERIFY ADVISORY:
http://secunia.com/advisories/14396/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Trend Micro ServerProtect for Windows/NetWare 5.x
http://secunia.com/product/1153/
Trend Micro ServerProtect for Linux 1.x
http://secunia.com/product/4712/
Trend Micro ScanMail for Microsoft Exchange 6.x
http://secunia.com/product/67/
Trend Micro ScanMail for Microsoft Exchange 3.x
http://secunia.com/product/66/
Trend Micro ScanMail for Lotus Notes 3.x
http://secunia.com/product/4711/
Trend Micro ScanMail for Lotus Notes 2.x
http://secunia.com/product/1021/
Trend Micro ScanMail eManager 5.x
http://secunia.com/product/4710/
Trend Micro ScanMail eManager 3.x
http://secunia.com/product/68/
Trend Micro PortalProtect for SharePoint 1.x
http://secunia.com/product/4709/
Trend Micro PC-cillin Internet Security 2005
http://secunia.com/product/4708/
Trend Micro PC-cillin 2003
http://secunia.com/product/853/
Trend Micro PC-cillin 2002
http://secunia.com/product/852/
Trend Micro PC-cillin 2000
http://secunia.com/product/851/
Trend Micro OfficeScan Corporate Edition 6.x
http://secunia.com/product/4323/
Trend Micro OfficeScan Corporate Edition 5.x
http://secunia.com/product/854/
Trend Micro OfficeScan Corporate Edition 3.x
http://secunia.com/product/855/
Trend Micro InterScan WebProtect for ISA 3.x
http://secunia.com/product/65/
Trend Micro InterScan WebManager 2.x
http://secunia.com/product/64/
Trend Micro InterScan Web Security Suite 2.x
http://secunia.com/product/4086/
Trend Micro InterScan Web Security Suite 1.x
http://secunia.com/product/4085/
Trend Micro InterScan VirusWall 3.x
http://secunia.com/product/60/
Trend Micro InterScan Messaging Security Suite 5.x
http://secunia.com/product/61/
Trend Micro InterScan eManager 3.x
http://secunia.com/product/62/

DESCRIPTION:
ISS X-Force has reported a vulnerability in various Trend Micro
products, which can be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused due to a boundary error in the AntiVirus
library when processing ARJ files. This can be exploited to cause a
heap-based buffer overflow via a specially crafted ARJ file
containing an overly long filename.

Successful exploitation allows execution of arbitrary code.

The vulnerability affects the following products:
* Trend Micro Client / Server / Messaging Suite for SMB for Windows
* Trend Micro Client / Server Suite for SMB for Windows
* Trend Micro InterScan eManager
* Trend Micro InterScan Messaging Security Suite for Linux
* Trend Micro InterScan Messaging Security Suite for Solaris
* Trend Micro InterScan Messaging Security Suite for Windows
* Trend Micro InterScan VirusWall for AIX
* Trend Micro InterScan VirusWall for HP-UX
* Trend Micro InterScan VirusWall for Linux
* Trend Micro InterScan VirusWall for SMB
* Trend Micro InterScan VirusWall for Solaris
* Trend Micro InterScan VirusWall for Windows
* Trend Micro InterScan Web Security Suite for Linux
* Trend Micro InterScan Web Security Suite for Solaris
* Trend Micro InterScan Web Security Suite for Windows
* Trend Micro InterScan WebManager
* Trend Micro InterScan WebProtect for ISA
* Trend Micro OfficeScan Corp. Edition
* Trend Micro PC-cillin Internet Security
* Trend Micro PortalProtect for SharePoint
* Trend Micro ScanMail eManager
* Trend Micro ScanMail for Lotus Domino on AIX
* Trend Micro ScanMail for Lotus Domino on AS/400
* Trend Micro ScanMail for Lotus Domino on S/390
* Trend Micro ScanMail for Lotus Domino on Solaris
* Trend Micro ScanMail for Lotus Domino on Windows
* Trend Micro ScanMail for Microsoft Exchange
* Trend Micro ServerProtect for Linux
* Trend Micro ServerProtect for Windows

SOLUTION:
Update scan engine to VSAPI 7.510 or later.
http://www.trendmicro.com/download/engine.asp

PROVIDED AND/OR DISCOVERED BY:
Alex Wheeler, ISS X-Force.

ORIGINAL ADVISORY:
Trend Micro:
http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution

ISS X-Force:
http://xforce.iss.net/xforce/alerts/id/189

Discussion is locked

Follow
Reply to: VULNERABILITIES - February 25, 2005
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: VULNERABILITIES - February 25, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Sun Solaris stfontserverd Arbitrary File Manipulation Vulner

TITLE:
Sun Solaris stfontserverd Arbitrary File Manipulation Vulnerability

SECUNIA ADVISORY ID:
SA14381

VERIFY ADVISORY:
http://secunia.com/advisories/14381/

CRITICAL:
Less critical

IMPACT:
Manipulation of data, DoS

WHERE:
Local system

OPERATING SYSTEM:
Sun Solaris 9
http://secunia.com/product/95/

DESCRIPTION:
A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to overwrite or delete arbitrary
files on a vulnerable system.

The vulnerability is caused due to an unspecified error in the STSF
Font Server (stfontserverd).

SOLUTION:
Apply patches.

-- SPARC Platform --

Solaris 9:
http://classic.sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=117201&rev=09


-- x86 Platform --

Solaris 9:
http://classic.sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=117202&rev=09

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://classic.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57738

- Collapse -
Mozilla Firefox Scrollbar Remote Code Execution Vulnerabilit

Vulnerability

Reportedly a remote code execution vulnerability affects Mozilla Firefox. This issue is due to a failure of the application to properly restrict the access rights of Web content.

An attacker may leverage this issue to compromise security of the affected browser; by exploiting this issue along with others (BIDs 12465 and 12466) it is possible to execute arbitrary code.

It should be noted that although only version 1.0 is reported vulnerable, other versions may be vulnerable as well.

Solution: It should be noted that this issue must be exploited along with the issues outlined in BID 12465 and 12566. The vendor has released an upgrade resolving those issues. Users are advised to install the upgrade to limit the scope of possible attacks.

http://www.securityfocus.com/bid/12655/info/

CNET Forums

Forum Info