- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability
------------------------------------------------------------------------
SUMMARY
Trend Micro Inc.'s
<http://us.trendmicro.com/us/products/enterprise/serverprotect-for-microsoft-windows/index.html> ServerProtect is "an anti-virus software for Microsoft Windows and Novell NetWare servers. It enables network administrators to manage multiple deployments from a single management console". Remote exploitation of an integer overflow vulnerability in Trend Micro Inc.'s ServerProtect anti-virus software could allow attackers to execute arbitrary code with system level privilege.
DETAILS
Vulnerable Systems:
* Trend Micro ServerProtect for Windows version 5.58 Build 1176 (Security
Patch 3)
Immune Systems:
* Trend Micro ServerProtect for Windows Security Patch 4
The Trend ServerProtect service (SpntSvc.exe) handles RPC requests on TCP
port 5168 with interface uuid 25288888-bd5b-11d1-9d53-0080c83a5c2c. This
service utilizes the StRpcSrv.dll library to service various RPC requests.
An integer overflow exists wtihin the RPCFN_SYNC_TASK function. This
function allocates memory based on a user-supplied integer within the
request data. By specifying a value that causes an integer overflow during
arithmetic calculations, an attacker can cause too little memory to be
allocated. User-supplied data is then copied into the resulting buffer
using lstrcpyW. This results in an exploitable heap buffer overflow.
Analysis:
Exploitation allows attackers to execute arbitrary code with system level
privilege.
Exploitation requires that attackers send specially crafted RPC requests
to the Trend ServerProtect or Trend ServerProtect Agent services.
Vendor response:
Trend Micro has addressed these vulnerabilities with the release of
Security Patch 4 for ServerProtect. For more information consult the
release notes at the following URL:
<http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt> http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4219>
CVE-2007-4219
Disclosure timeline:
06/14/2007 - Initial vendor notification
06/20/2007 - Initial vendor response
08/21/2007 - Coordinated public disclosure
ADDITIONAL INFORMATION
The information has been provided by
<mailto:idlabs-advisories@idefense.com> iDefense Labs Security Advisories.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=588>
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=588
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
No comments:
Post a Comment