Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - February 25, 2005

by roddy32 / February 24, 2005 9:59 PM PST

TITLE:
Trend Micro Products AntiVirus Library Buffer Overflow

SECUNIA ADVISORY ID:
SA14396

VERIFY ADVISORY:
http://secunia.com/advisories/14396/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Trend Micro ServerProtect for Windows/NetWare 5.x
http://secunia.com/product/1153/
Trend Micro ServerProtect for Linux 1.x
http://secunia.com/product/4712/
Trend Micro ScanMail for Microsoft Exchange 6.x
http://secunia.com/product/67/
Trend Micro ScanMail for Microsoft Exchange 3.x
http://secunia.com/product/66/
Trend Micro ScanMail for Lotus Notes 3.x
http://secunia.com/product/4711/
Trend Micro ScanMail for Lotus Notes 2.x
http://secunia.com/product/1021/
Trend Micro ScanMail eManager 5.x
http://secunia.com/product/4710/
Trend Micro ScanMail eManager 3.x
http://secunia.com/product/68/
Trend Micro PortalProtect for SharePoint 1.x
http://secunia.com/product/4709/
Trend Micro PC-cillin Internet Security 2005
http://secunia.com/product/4708/
Trend Micro PC-cillin 2003
http://secunia.com/product/853/
Trend Micro PC-cillin 2002
http://secunia.com/product/852/
Trend Micro PC-cillin 2000
http://secunia.com/product/851/
Trend Micro OfficeScan Corporate Edition 6.x
http://secunia.com/product/4323/
Trend Micro OfficeScan Corporate Edition 5.x
http://secunia.com/product/854/
Trend Micro OfficeScan Corporate Edition 3.x
http://secunia.com/product/855/
Trend Micro InterScan WebProtect for ISA 3.x
http://secunia.com/product/65/
Trend Micro InterScan WebManager 2.x
http://secunia.com/product/64/
Trend Micro InterScan Web Security Suite 2.x
http://secunia.com/product/4086/
Trend Micro InterScan Web Security Suite 1.x
http://secunia.com/product/4085/
Trend Micro InterScan VirusWall 3.x
http://secunia.com/product/60/
Trend Micro InterScan Messaging Security Suite 5.x
http://secunia.com/product/61/
Trend Micro InterScan eManager 3.x
http://secunia.com/product/62/

DESCRIPTION:
ISS X-Force has reported a vulnerability in various Trend Micro
products, which can be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused due to a boundary error in the AntiVirus
library when processing ARJ files. This can be exploited to cause a
heap-based buffer overflow via a specially crafted ARJ file
containing an overly long filename.

Successful exploitation allows execution of arbitrary code.

The vulnerability affects the following products:
* Trend Micro Client / Server / Messaging Suite for SMB for Windows
* Trend Micro Client / Server Suite for SMB for Windows
* Trend Micro InterScan eManager
* Trend Micro InterScan Messaging Security Suite for Linux
* Trend Micro InterScan Messaging Security Suite for Solaris
* Trend Micro InterScan Messaging Security Suite for Windows
* Trend Micro InterScan VirusWall for AIX
* Trend Micro InterScan VirusWall for HP-UX
* Trend Micro InterScan VirusWall for Linux
* Trend Micro InterScan VirusWall for SMB
* Trend Micro InterScan VirusWall for Solaris
* Trend Micro InterScan VirusWall for Windows
* Trend Micro InterScan Web Security Suite for Linux
* Trend Micro InterScan Web Security Suite for Solaris
* Trend Micro InterScan Web Security Suite for Windows
* Trend Micro InterScan WebManager
* Trend Micro InterScan WebProtect for ISA
* Trend Micro OfficeScan Corp. Edition
* Trend Micro PC-cillin Internet Security
* Trend Micro PortalProtect for SharePoint
* Trend Micro ScanMail eManager
* Trend Micro ScanMail for Lotus Domino on AIX
* Trend Micro ScanMail for Lotus Domino on AS/400
* Trend Micro ScanMail for Lotus Domino on S/390
* Trend Micro ScanMail for Lotus Domino on Solaris
* Trend Micro ScanMail for Lotus Domino on Windows
* Trend Micro ScanMail for Microsoft Exchange
* Trend Micro ServerProtect for Linux
* Trend Micro ServerProtect for Windows

SOLUTION:
Update scan engine to VSAPI 7.510 or later.
http://www.trendmicro.com/download/engine.asp

PROVIDED AND/OR DISCOVERED BY:
Alex Wheeler, ISS X-Force.

ORIGINAL ADVISORY:
Trend Micro:
http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution

ISS X-Force:
http://xforce.iss.net/xforce/alerts/id/189

Discussion is locked
You are posting a reply to: VULNERABILITIES - February 25, 2005
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES - February 25, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Sun Solaris stfontserverd Arbitrary File Manipulation Vulner
by roddy32 / February 24, 2005 11:56 PM PST

TITLE:
Sun Solaris stfontserverd Arbitrary File Manipulation Vulnerability

SECUNIA ADVISORY ID:
SA14381

VERIFY ADVISORY:
http://secunia.com/advisories/14381/

CRITICAL:
Less critical

IMPACT:
Manipulation of data, DoS

WHERE:
Local system

OPERATING SYSTEM:
Sun Solaris 9
http://secunia.com/product/95/

DESCRIPTION:
A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to overwrite or delete arbitrary
files on a vulnerable system.

The vulnerability is caused due to an unspecified error in the STSF
Font Server (stfontserverd).

SOLUTION:
Apply patches.

-- SPARC Platform --

Solaris 9:
http://classic.sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=117201&rev=09


-- x86 Platform --

Solaris 9:
http://classic.sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=117202&rev=09

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://classic.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57738

Collapse -
Mozilla Firefox Scrollbar Remote Code Execution Vulnerabilit
by Donna Buenaventura / February 25, 2005 1:02 AM PST

Vulnerability

Reportedly a remote code execution vulnerability affects Mozilla Firefox. This issue is due to a failure of the application to properly restrict the access rights of Web content.

An attacker may leverage this issue to compromise security of the affected browser; by exploiting this issue along with others (BIDs 12465 and 12466) it is possible to execute arbitrary code.

It should be noted that although only version 1.0 is reported vulnerable, other versions may be vulnerable as well.

Solution: It should be noted that this issue must be exploited along with the issues outlined in BID 12465 and 12566. The vendor has released an upgrade resolving those issues. Users are advised to install the upgrade to limit the scope of possible attacks.

http://www.securityfocus.com/bid/12655/info/

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.