Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA25778] Trend Micro OfficeScan CGI Modules Buffer Overflow and Authentication Bypass



> ----------------------------------------------------------------------
> 
> TITLE:
> Trend Micro OfficeScan CGI Modules Buffer Overflow and Authentication
> Bypass
> 
> SECUNIA ADVISORY ID:
> SA25778
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/25778/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> Security Bypass, System access
> 
> WHERE:
> From local network
> 
> SOFTWARE:
> Trend Micro OfficeScan Corporate Edition 8.x
> http://secunia.com/product/14630/
> 
> DESCRIPTION:
> Two vulnerabilities have been reported in Trend Micro OfficeScan,
> which can be exploited by malicious people to bypass certain security
> restrictions or compromise a vulnerable system.
> 
> 1) A boundary error within a CGI module can be exploited to cause a
> buffer overflow and execute arbitrary code.
> 
> 2) An unspecified error within a CGI module can be exploited to
> bypass the authentication mechanism of the OfficeScan Management
> Console via a specially crafted HTTP header.
> 
> The vulnerabilities affect OfficeScan Corporate Edition version 8.0.
> 
> SOLUTION:
> Apply Security Patch - Build 1042:
> http://www.trendmicro.com/ftp/products/patches/osce_80_win_en_
securitypatch_b1042.exe
> 
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
> 
> ORIGINAL ADVISORY:
> http://www.trendmicro.com/ftp/documentation/readme/osce_80_win
_en_securitypatch_b1042_readme.txt
> 



 




Copyright © Lexa Software, 1996-2009.