Status Tracking Note TRTA07-235A

Trend Micro ServerProtect Contains Multiple Vulnerabilities

Overview

A number of vulnerabilities exist in the Trend Micro ServerProtect antivirus product. These vulnerabilities could allow a remote attacker to completely compromise an affected system.
Event Information


Date (UTC)Description
2007-08-23 19:54 US-CERT
TA07-235A: Trend Micro ServerProtect Contains Multiple Vulnerabilities
Via US-CERT Mailing List
2007-08-23 18:54 SANS Internet Storm Center
Trend Micro ServerProtect Update
Indications are that the ServerProtect exploit is against an older vulnerability from earlier this year, February 2007. This vulnerability was patched previously. The vulnerability appears to be "vulnerabilty one" in this advisory: TPTI-07-02. But this does indeed appear to be a new exploit, thus machines are being actively compromised if they haven't been patched.
2007-08-23 08:58 JPCERT/CC
JPCERT-AT-2007-0019: Increased activity targeting TCP port 5168
2007-08-23 08:00 SANS Internet Storm Center
Trend Micro management exploit payload perhaps?
Let's see what our shellcode analysts can determine before we post complete packet payload.
2007-08-22 22:43 Trend Micro
Solution ID: 1035930: Potential Trend Micro ServerProtect Security Risk
Product:ServerProtect for Microsoft Windows - 5.58
Trend Micro ServerProtect RPC buffer overflow Vulnerability(CVE-2007-4218)
Trend Micro ServerProtect Integer Overflow Vulnerability(CVE-2007-4219)
2007-08-22 16:58 US-CERT
Multiple Vulnerabilities in Trend Micro Products
Trend Micro has released updates to address several vulnerabilities in their ServerProtect, AntiSpyware, and PC-cillin Internet Security products. By sending a crafted RPC request or creating a file on the local file system with an overly long path, an attacker may be able to cause a denial-of-service condition or execute arbitrary code on an affected system.
2007-08-22 SANS Internet Storm Center
Trend Micro scanning on TCP 5168
We are seeing some heavy scanning activity on TCP 5168. Probably for Trend Micro ServerProtect. There was vulnerabilities announced for this product yesterday.
2007-08-21 22:43 Full-disclosure
[Full-disclosure] iDefense Security Advisory 08.21.07: Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability
Trend Micro ServerProtect Integer Overflow Vulnerability(CVE-2007-4219)
2007-08-21 22:21 Full-disclosure
[Full-disclosure] iDefense Security Advisory 08.21.07: Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities
Trend Micro ServerProtect RPC buffer overflow Vulnerability(CVE-2007-4218)
2007-08-21 19:16 Full-disclosure
[Full-disclosure] iDefense Security Advisory 08.20.07: Trend Micro SSAPI Long Path Buffer Overflow Vulnerability
Trend Micro SSAPI Vulnerability(CVE-2007-3873)
2007-08-20 Trend Micro
Solution ID: 1035845: [Hot Fix]B1028 - The SSAPI module crashes once a folder or file exceeds the max_path character limit
Product: PC-cillin Internet Security - 2007, Trend Micro Anti-Spyware for Consumer - 3.5
Trend Micro SSAPI Vulnerability(CVE-2007-3873)
2007-07-26 09:00 Trend Micro
ServerProtect(TM) 5.58 for Windows(TM) NT/2000/2003 - Security Patch 4 - Build 1185
Trend Micro ServerProtect RPC buffer overflow Vulnerability(CVE-2007-4218)
Trend Micro ServerProtect Integer Overflow Vulnerability(CVE-2007-4219)
2007-07-12 iDefense
Trend Micro SSAPI Long Path Buffer Overflow Vulnerability
Trend Micro SSAPI Vulnerability(CVE-2007-3873)
Vulnerability Reported
2007-06-14 iDefense
Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability
Trend Micro ServerProtect Integer Overflow Vulnerability(CVE-2007-4219)
Vulnerability Reported
2007-06-14 iDefense
Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities
Trend Micro ServerProtect RPC buffer overflow Vulnerability(CVE-2007-4218)
Vulnerability Reported


Date first published (UTC): 2007-08-26T04:09+00:00
Date last updated (UTC): 2007-08-26T04:09+00:00