[security-alerts] FW: [SA25186] Trend Micro ServerProtect Two Buffer Overflow Vulnerabilities

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> TITLE:
> Trend Micro ServerProtect Two Buffer Overflow Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA25186
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/25186/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From local network
> 
> SOFTWARE:
> Trend Micro ServerProtect for Windows/NetWare 5.x
> http://secunia.com/product/1153/
> 
> DESCRIPTION:
> Two vulnerabilities have been reported in Trend Micro ServerProtect,
> which can be exploited by malicious people to compromise a vulnerable
> system.
> 
> 1) A boundary error within the EarthAgent.exe service can be
> exploited to cause a stack-based buffer overflow via a specially
> crafted RPC request to the said service (default port 3628/TCP).
> 
> 2) A boundary error within the "CAgRpcClient::CreateBinding()"
> function in AgRpcCln.dll can be exploited to cause a stack-based
> buffer overflow via a specially crafted RPC request to the
> SpntSvc.exe service (default port 5168/TCP).
> 
> Successful exploitation of the vulnerabilities allows execution of
> arbitrary code.
> 
> The vulnerabilities reportedly affect version 5.58.
> 
> SOLUTION:
> Apply patches.
> http://www.trendmicro.com/download_beta/product.asp?productid=17
> 
> PROVIDED AND/OR DISCOVERED BY:
> Discovered by Eric Detoisien and reported via ZDI.
> 
> ORIGINAL ADVISORY:
> Trend Micro:
> http://www.trendmicro.com/download_beta/product.asp?productid=17
> 
> ZDI:
> http://www.zerodayinitiative.com/advisories/ZDI-07-024.html
> http://www.zerodayinitiative.com/advisories/ZDI-07-025.html
>