Status Tracking Note TRTA07-235A

Trend Micro ServerProtect Contains Multiple Vulnerabilities

A number of vulnerabilities exist in the Trend Micro ServerProtect antivirus product. These vulnerabilities could allow a remote attacker to completely compromise an affected system.

Event Information

Date (UTC)	Description
2007-08-23 19:54	US-CERT TA07-235A: Trend Micro ServerProtect Contains Multiple Vulnerabilities Via US-CERT Mailing List
2007-08-23 18:54	SANS Internet Storm Center Trend Micro ServerProtect Update Indications are that the ServerProtect exploit is against an older vulnerability from earlier this year, February 2007. This vulnerability was patched previously. The vulnerability appears to be "vulnerabilty one" in this advisory: TPTI-07-02. But this does indeed appear to be a new exploit, thus machines are being actively compromised if they haven't been patched.
2007-08-23 08:58	JPCERT/CC JPCERT-AT-2007-0019: Increased activity targeting TCP port 5168
2007-08-23 08:00	SANS Internet Storm Center Trend Micro management exploit payload perhaps? Let's see what our shellcode analysts can determine before we post complete packet payload.
2007-08-22 22:43	Trend Micro Solution ID: 1035930: Potential Trend Micro ServerProtect Security Risk Product:ServerProtect for Microsoft Windows - 5.58 Trend Micro ServerProtect RPC buffer overflow Vulnerability(CVE-2007-4218) Trend Micro ServerProtect Integer Overflow Vulnerability(CVE-2007-4219)
2007-08-22 16:58	US-CERT Multiple Vulnerabilities in Trend Micro Products Trend Micro has released updates to address several vulnerabilities in their ServerProtect, AntiSpyware, and PC-cillin Internet Security products. By sending a crafted RPC request or creating a file on the local file system with an overly long path, an attacker may be able to cause a denial-of-service condition or execute arbitrary code on an affected system.
2007-08-22	SANS Internet Storm Center Trend Micro scanning on TCP 5168 We are seeing some heavy scanning activity on TCP 5168. Probably for Trend Micro ServerProtect. There was vulnerabilities announced for this product yesterday.
2007-08-21 22:43	Full-disclosure [Full-disclosure] iDefense Security Advisory 08.21.07: Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability Trend Micro ServerProtect Integer Overflow Vulnerability(CVE-2007-4219)
2007-08-21 22:21	Full-disclosure [Full-disclosure] iDefense Security Advisory 08.21.07: Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities Trend Micro ServerProtect RPC buffer overflow Vulnerability(CVE-2007-4218)
2007-08-21 19:16	Full-disclosure [Full-disclosure] iDefense Security Advisory 08.20.07: Trend Micro SSAPI Long Path Buffer Overflow Vulnerability Trend Micro SSAPI Vulnerability(CVE-2007-3873)
2007-08-20	Trend Micro Solution ID: 1035845: [Hot Fix]B1028 - The SSAPI module crashes once a folder or file exceeds the max_path character limit Product: PC-cillin Internet Security - 2007, Trend Micro Anti-Spyware for Consumer - 3.5 Trend Micro SSAPI Vulnerability(CVE-2007-3873)
2007-07-26 09:00	Trend Micro ServerProtect(TM) 5.58 for Windows(TM) NT/2000/2003 - Security Patch 4 - Build 1185 Trend Micro ServerProtect RPC buffer overflow Vulnerability(CVE-2007-4218) Trend Micro ServerProtect Integer Overflow Vulnerability(CVE-2007-4219)
2007-07-12	iDefense Trend Micro SSAPI Long Path Buffer Overflow Vulnerability Trend Micro SSAPI Vulnerability(CVE-2007-3873) Vulnerability Reported
2007-06-14	iDefense Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability Trend Micro ServerProtect Integer Overflow Vulnerability(CVE-2007-4219) Vulnerability Reported
2007-06-14	iDefense Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities Trend Micro ServerProtect RPC buffer overflow Vulnerability(CVE-2007-4218) Vulnerability Reported


Date first published (UTC):	2007-08-26T04:09+00:00
Date last updated (UTC):	2007-08-26T04:09+00:00