Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Rod Boron (rod_boron_at_yahoo.com)
Date: Tue Jan 14 2003 - 19:44:20 CST
Trend Micro Assorted Vulnerabilities
Rev 2.0 01/14/03
I have had these sitting around for about a year
and just said "fawk it" and am giving 'em to the
community to sort through before they start growing
edible fungi. Not even sure if they work on newer
Trend software, too busy with other matters and
projects, but I'm thinking they just might. Some may
just be poor configuration and installation practices
by the user, who knows. No real magical bullet buffer
overflows here, just some weird web app practices.
Most can be access controlled or given stricter
at the OS level.
All of these "vulns", per say, can be accessed
on servers with poor border controls. Fire up a
Google session and see!
Despite these oddities, in my opinion, Trend still
excels over others in it's capabilities and
into a corp network.
Well, enjoy, discuss, criticize, elaborate,
evaluate, but please don't devastate.
-Don't underestimate the subtlety of letting others
think they know more than you.
*******Trend Officescan password change/bypass*******
Allows you to skip the default
and create your own password to login with. Full
access to the web based Officescan
management page now granted. Hell, you can access
all the nice .exe's in the /cgi. This is easily
cured by correcting permissions and access to the
*******Trend Micro TVCS IIS Dos*******
10 requests for this .exe will cause 10 instances of
ActiveSupport.exe to be started. Each consuming 2.5
M's of memory and causing a Dos effect on IIS lasting
for up to 5 minutes till each instance of the .exe
*******Trend Scanmail Password Bypass*******
Some magical backdoor Trend installed to bypass
authentication into their web management page for
Scanmail for Exchange. Does it work on other Scanmail
*******Trend Micro TVCS Log Collector*******
This one gives up the farm and the rooster's eggs.
Follow the steps 2-4 and download a very well endowed
zip file. Within holds the kings jewels. Trivial
encrytion protects both the TVCS password and the
service user account and password. Bet lazy admins
are running Trend as administrator. Some other
enumeration goodies in there to tickle one's
Where "x.x.x.x" is equivalent to:
-----------== Vin Diesel ==-------------
"The Fast, the Furious, and the Fortran"
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.