OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: snsadvlac.co.jp
Date: Mon Jul 02 2001 - 01:16:08 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----------------------------------------------------------------------
    SNS Advisory No.36
    TrendMicro InterScan WebManager Version 1.2 HttpSave.dll Buffer Overflow
    Vulnerability

    Problem first discovered: Mon, 11 Jun 2001
    Published: Mon, 2 Jul 2001
    ----------------------------------------------------------------------

    Overview
    ---------
      Trend Micro InterScan WebManager is a software which provides
      malicious mobile code protection, URL filtering and traffic management.
      A buffer overflow vulnerability exists in HttpSave.dll which is used as
      web management console feature in InterScan WebManager version 1.2.
      This problem can allow remote users to execute arbitrary commands with
      SYSTEM privilege.

    Problem Description
    -------------------
      InterScan WebManager has a feature which provides management web
      console. HttpSave.dll which is used for this feature has a buffer overflow
      when long value is given to a certain parameter.

      A buffer overflow occurs in the following dump:

      00ECFAF0 4F 4F 4F 4F OOOO
      00ECFAF4 50 50 50 50 PPPP
      00ECFAF8 51 51 51 51 QQQQ
      00ECFAFC 52 52 52 52 RRRR
      00ECFB00 53 53 53 53 SSSS
      00ECFB04 54 54 54 54 TTTT

      EAX = 00ECFAF4
      EIP = 4F4F4F4F

      Therefore, arbitrary code which is addressed 00ECFAF4 may be executed
      by calling eax.

    Tested Version
    --------------
      TrendMicro InterScan WebManager Version 1.2

    Tested on
    ---------
      Microsoft Windows NT Server 4.0 + SP6a [English]

    Status of fixes
    ---------------
      No patches are available at this moment. Trend Micro support team
      responded that this problem would be fixed on the next version of
      WebManager. Until the patch is released, we recommend restrict
      access to servers.

    Discovered by
    -------------
      ARAI Yuu (LAC) y.arailac.co.jp

    Disclaimer
    ----------
      All information in these advisories are subject to change without any
      advanced notices neither mutual consensus, and each of them is
      released as it is. LAC Co.,Ltd. is not responsible for any risks of
      occurrences caused by applying those information.

    References
    ----------
      Archive of this advisory:
            http://www.lac.co.jp/security/english/snsadv_e/36_e.html

    ------------------------------------------------------------------
    Secure Net Service(SNS) Security Advisory <snsadvlac.co.jp>
    Computer Security Laboratory, LAC http://www.lac.co.jp/security/