Lexa Software: Security-Alerts@yandex-team.ru archive

		Apache-Talk @lexa.ru
		Inet-Admins @info.east.ru
		Filmscanners @halftone.co.uk
		Security-alerts @yandex-team.ru
		nginx-ru @sysoev.ru

СТАТЬИ

ПЕРСОНАЛЬНОЕ

ПРОГРАММЫ

ПИШИТЕ
ПИСЬМА

АРХИВ :: Security-alerts

Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA24087] Trend Micro Products UPX Processing Buffer Overflow Vulnerability

To: <security-alerts@xxxxxxxxxxxxxx>
Subject: [security-alerts] FW: [SA24087] Trend Micro Products UPX Processing Buffer Overflow Vulnerability
From: "Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>
Date: Thu, 8 Feb 2007 13:28:47 +0300
Content-class: urn:content-classes:message
List-archive: <http://www.lexa.ru/security-alerts/> (Web Archive)
List-id: <security-alerts.yandex-team.ru>
List-subscribe: <mailto:majordomo@yandex-team.ru?body=subscribe%20security-alerts>
List-unsubscribe: <mailto:majordomo@yandex-team.ru?body=unsubscribe%20security-alerts>
Thread-index: AcdLadW9o6tQksnmQsuKF5Acyl35hgAAgM6w
Thread-topic: [SA24087] Trend Micro Products UPX Processing Buffer Overflow Vulnerability

В развитие темы - удобно для тех, кто будет обновлять

> ----------------------------------------------------------------------
> 
> TITLE:
> Trend Micro Products UPX Processing Buffer Overflow Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA24087
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/24087/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> DoS, System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Trend Micro ServerProtect for Windows/NetWare 5.x
> http://secunia.com/product/1153/
> Trend Micro ServerProtect for Linux 1.x
> http://secunia.com/product/4712/
> Trend Micro ScanMail for Openmail 2.x
> http://secunia.com/product/1022/
> Trend Micro ScanMail for Microsoft Exchange 7.x
> http://secunia.com/product/8046/
> Trend Micro ScanMail for Microsoft Exchange 6.x
> http://secunia.com/product/67/
> Trend Micro ScanMail for Microsoft Exchange 3.x
> http://secunia.com/product/66/
> Trend Micro ScanMail for Lotus Notes 3.x
> http://secunia.com/product/4711/
> Trend Micro ScanMail for Lotus Notes 2.x
> http://secunia.com/product/1021/
> Trend Micro ScanMail eManager 5.x
> http://secunia.com/product/4710/
> Trend Micro ScanMail eManager 3.x
> http://secunia.com/product/68/
> Trend Micro PortalProtect for SharePoint 1.x
> http://secunia.com/product/4709/
> Trend Micro PC-cillin Internet Security 2007
> http://secunia.com/product/13436/
> Trend Micro PC-cillin Internet Security 2006 / 14.x
> http://secunia.com/product/8828/
> Trend Micro PC-cillin Internet Security 2005
> http://secunia.com/product/4708/
> Trend Micro PC-cillin 2003
> http://secunia.com/product/853/
> Trend Micro PC-cillin 2002
> http://secunia.com/product/852/
> Trend Micro PC-cillin 2000
> http://secunia.com/product/851/
> Trend Micro OfficeScan Corporate Edition 7.x
> http://secunia.com/product/5007/
> Trend Micro OfficeScan Corporate Edition 6.x
> http://secunia.com/product/4323/
> Trend Micro OfficeScan Corporate Edition 5.x
> http://secunia.com/product/854/
> Trend Micro OfficeScan Corporate Edition 3.x
> http://secunia.com/product/855/
> Trend Micro InterScan WebProtect for ISA 3.x
> http://secunia.com/product/65/
> Trend Micro InterScan WebManager 2.x
> http://secunia.com/product/64/
> Trend Micro InterScan Web Security Suite 2.x
> http://secunia.com/product/4086/
> Trend Micro InterScan Web Security Suite 1.x
> http://secunia.com/product/4085/
> Trend Micro InterScan VirusWall 3.x
> http://secunia.com/product/60/
> Trend Micro InterScan Messaging Security Suite 5.x
> http://secunia.com/product/61/
> Trend Micro InterScan eManager 3.x
> http://secunia.com/product/62/
> Trend Micro InterScan AppletTrap  2.x
> http://secunia.com/product/63/
> Trend Micro Control Manager (TMCM) 3.x
> http://secunia.com/product/4468/
> Trend Micro Client Server Messaging Security for SMB 3.x
> http://secunia.com/product/13440/
> Trend Micro Client Server Security for SMB 3.x
> http://secunia.com/product/13442/
> 
> DESCRIPTION:
> A vulnerability has been reported in Trend Micro products, which can
> be exploited by malicious people to cause a DoS (Denial of Service)
> or potentially compromise a vulnerable system.
> 
> The vulnerability is caused due to an error within the processing of
> UPX compressed executables. This can be exploited to cause a buffer
> overflow when scanning a specially crafted UPX compressed executable
> file.
> 
> Successful exploitation may allow execution of arbitrary code or
> cause the system to crash.
> 
> The vulnerability reportedly affects all Trend Micro products and
> versions that use the Scan Engine and Pattern File technology.
> 
> SOLUTION:
> Update the virus pattern file to 4.245.00 or higher.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Discovered by an anonymous person and reported via iDefense Labs.
> 
> ORIGINAL ADVISORY:
> Trend Micro:
> http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289
> 
> iDefense Labs:
> http://labs.idefense.com/intelligence/vulnerabilities/display.
> php?id=470
>

Prev by Date: [security-alerts] FW: Утечка LJ-паролей в Яндекс.Ленте
Next by Date: [security-alerts] FYI: PHP 5.2.1 Release Announcement
Previous by thread: [security-alerts] FW: Утечка LJ-паролей в Яндекс.Ленте
Next by thread: [security-alerts] FYI: PHP 5.2.1 Release Announcement
Index(es):
- Date
- Thread