CERT-In Vulnerability Note CIVN-2009-19
Multiple Vulnerabilities in Trend Micro Products
Original Issue Date:January 29, 2009
Severity Rating:
High
Systems Affected
- Trend Micro OfficeScan Corporate Edition 8.x
- Trend Micro, PC-Cillin Internet Security 2007
- Trend Micro, PC-Cillin Internet Security 2008 17.0.1224
Overview
Multiple vulnerabilities have been reported in Trend Micro OfficeScan Corporate Edition 8.x client, which could allow local attacker to cause denial of service, execution of arbitrary code via local machine, bypass certain security features and potentially gain escalated privileges.
Description
1. Denial of Service Vulnerability (CVE-2008-3864)
An input validation flaws exist in the OfficeScan NT Firewall service (TmPfw.exe) within the "ApiThread()" function while processing packets sent to service on default TCP port 40000. This vulnerability could be exploited via specially crafted packets containing a large value in an unspecified size field. Successful exploitation of this vulnerability could allow remote attackers to cause denial of service (service crash).
2. Buffer Overflow Vulnerability (CVE-2008-3865)
An Buffer Overflow vulnerability exist in "ApiThread()" function in the firewall service (TmPfw.exe) in Trend Micro Network Security Component ( NSC ) modules of Trend Micro OfficeScan 8.0 Patch 1 and Internet Security 2007 and 2008. This vulnerability could be exploited via specially crafted packet containing small value in an unspecified size field. Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on vulnerable system with SYSTEM privileges.
3. Security Bypass Vulnerability (CVE-2008-3866)
A security bypass vulnerability has been reported in Trend Micro Network Security Component ( NSC ) modules which could allow local attackers to bypass some security restrictions. This vulnerability is caused due to missing password check in Trend Micro Personal firewall service (TmPfw.exe). A local attacker could exploit this vulnerability by sending specially crafted packets to TCP port 40000 to bypass security restrictions and modify firewall settings.
Solution
Apply appropriate patch as mentioned in
Trend Micro Critical Patch release 3191
Vendor Information
Trend Micro
http://www.trendmicro.com/ftp/documentation/readme/
OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt
References
Trend Micro
http://www.trendmicro.com/ftp/documentation/readme/
OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt
ISS X-Force
http://xforce.iss.net/xforce/xfdb/48106
http://xforce.iss.net/xforce/xfdb/48107
http://xforce.iss.net/xforce/xfdb/48108
Secunia
http://secunia.com/secunia_research/2008-42/
http://secunia.com/secunia_research/2008-43/
http://secunia.com/advisories/33609/
http://secunia.com/advisories/31160
SecurityFocus
http://www.securityfocus.com/bid/33358
http://www.securityfocus.com/archive/1/archive/1/500195/
100/0/threaded
SecurityTracker
http://securitytracker.com/alerts/2009/Jan/1021614.html
http://securitytracker.com/alerts/2009/Jan/1021616.html
VUPEN Security
http://www.vupen.com/english/advisories/2009/0191
Security Reason
http://securityreason.com/securityalert/4937
CVE Name
CVE-2008-3864
CVE-2008-3865
CVE-2008-3866
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
