Trend Micro ServerProtect Contains Multiple Vulnerabilities
http://jvnrss.ise.chuo-u.ac.jp/jtg/trn/en/TRTA07-235A.html
JVNRSS based Status Tracking Notes: A number of vulnerabilities exist in the Trend Micro ServerProtect antivirus product. These vulnerabilities could allow a remote attacker to completely compromise an affected system.
Source: JVNRSS Feasibility Study Team (jvn@jvn.jp)
ID: TRTA07-235A
Date: 2007-08-26T04:09+00:00

Trend Micro ServerProtect Contains Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA07-235A.html
Via US-CERT Mailing List
Source: US-CERT
ID: TA07-235A
References:
http://www.uscert.gov/cas/techalerts/TA07-235A.html
http://www.kb.cert.org/vuls/id/204448
http://www.kb.cert.org/vuls/id/109056
http://www.kb.cert.org/vuls/id/959400
Date: 2007-08-23T15:54-04:00

Trend Micro ServerProtect Update
http://isc.sans.org/diary.html?storyid=3310
Indications are that the ServerProtect exploit is against an older vulnerability from earlier this year, February 2007. This vulnerability was patched previously. The vulnerability appears to be "vulnerability one" in this advisory: TPTI-07-02. But this does indeed appear to be a new exploit, thus machines are being actively compromised if they haven't been patched.
Source: SANS Internet Storm Center
References:
http://www.us-cert.gov/cas/techalerts/TA07-235A.html
Date: 2007-08-23T18:54+00:00

Increased activity targeting TCP port 5168
http://www.jpcert.or.jp/at/2007/at070019.txt
Source: JPCERT/CC
ID: JPCERT-AT-2007-0019
References:
http://www.us-cert.gov/cas/techalerts/TA07-235A.html
Date: 2007-08-23T08:58+00:00

Trend Micro management exploit payload perhaps?
http://isc.sans.org/diary.html?storyid=3309
Let's see what our shellcode analysts can determine before we post complete packet payload.
Source: SANS Internet Storm Center
References:
http://www.us-cert.gov/cas/techalerts/TA07-235A.html
Date: 2007-08-23T08:00+00:00

Potential Trend Micro ServerProtect Security Risk
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1035930
Product: ServerProtect for Microsoft Windows - 5.58
Trend Micro ServerProtect RPC buffer overflow Vulnerability (CVE-2007-4218)
Trend Micro ServerProtect Integer Overflow Vulnerability (CVE-2007-4219)
Source: Trend Micro
Solution ID: 1035930
References:
http://www.us-cert.gov/cas/techalerts/TA07-235A.html
http://www.kb.cert.org/vuls/id/204448
http://www.kb.cert.org/vuls/id/109056
http://www.kb.cert.org/vuls/id/959400
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4218
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4219
Date: 2007-08-22T22:43+00:00

Multiple Vulnerabilities in Trend Micro Products
http://www.uscert.gov/current/archive/2007/08/22/archive.html#multiple_vulnerabilities_in_trend_micro
Trend Micro has released updates to address several vulnerabilities in their ServerProtect, AntiSpyware, and PC-cillin Internet Security products. By sending a crafted RPC request or creating a file on the local file system with an overly long path, an attacker may be able to cause a denial-of-service condition or execute arbitrary code on an affected system.
Source: US-CERT
References:
http://www.uscert.gov/cas/techalerts/TA07-235A.html
Date: 2007-08-22T12:58-04:00

Trend Micro scanning on TCP 5168
http://isc.sans.org/diary.html?storyid=3306
We are seeing some heavy scanning activity on TCP 5168. Probably for Trend Micro ServerProtect. There were vulnerabilities announced for this product yesterday.
Source: SANS Internet Storm Center
References:
http://www.us-cert.gov/cas/techalerts/TA07-235A.html
Date: 2007-08-22

[Full-disclosure] iDefense Security Advisory 08.21.07: Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability
http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0395.html
Trend Micro ServerProtect Integer Overflow Vulnerability (CVE-2007-4219)
Source: Full-disclosure
References:
http://www.us-cert.gov/cas/techalerts/TA07-235A.html
http://www.kb.cert.org/vuls/id/959400
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4219
Date: 2007-08-21T17:43-05:00

[Full-disclosure] iDefense Security Advisory 08.21.07: Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities
http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0394.html
Trend Micro ServerProtect RPC buffer overflow Vulnerability (CVE-2007-4218)
Source: Full-disclosure
References:
http://www.us-cert.gov/cas/techalerts/TA07-235A.html
http://www.kb.cert.org/vuls/id/204448
http://www.kb.cert.org/vuls/id/109056
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4218
Date: 2007-08-21T17:21-05:00

[Full-disclosure] iDefense Security Advisory 08.20.07: Trend Micro SSAPI Long Path Buffer Overflow Vulnerability
http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0391.html
Trend Micro SSAPI Vulnerability (CVE-2007-3873)
Source: Full-disclosure
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3873
Date: 2007-08-21T14:16-05:00

[Hot Fix]B1028 - The SSAPI module crashes once a folder or file exceeds the max_path character limit
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1035845
Product: PC-cillin Internet Security - 2007, Trend Micro Anti-Spyware for Consumer - 3.5
Trend Micro SSAPI Vulnerability (CVE-2007-3873)
Source: Trend Micro
Solution ID: 1035845
Date: 2007-08-20

ServerProtect(TM) 5.58 for Windows(TM) NT/2000/2003 - Security Patch 4 - Build 1185
http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt
Trend Micro ServerProtect RPC buffer overflow Vulnerability (CVE-2007-4218)
Trend Micro ServerProtect Integer Overflow Vulnerability (CVE-2007-4219)
Source: Trend Micro
References:
http://www.us-cert.gov/cas/techalerts/TA07-235A.html
http://www.kb.cert.org/vuls/id/204448
http://www.kb.cert.org/vuls/id/109056
http://www.kb.cert.org/vuls/id/959400
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4218
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4219
Date: 2007-07-26T09:00+00:00

Trend Micro SSAPI Long Path Buffer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=586
Trend Micro SSAPI Vulnerability (CVE-2007-3873)
Vulnerability Reported
Source: iDefense
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3873
Date: 2007-07-12

Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=588
Trend Micro ServerProtect Integer Overflow Vulnerability (CVE-2007-4219)
Vulnerability Reported
Source: iDefense
References:
http://www.us-cert.gov/cas/techalerts/TA07-235A.html
http://www.kb.cert.org/vuls/id/959400
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4219
Date: 2007-06-14

Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=587
Trend Micro ServerProtect RPC buffer overflow Vulnerability (CVE-2007-4218)
Vulnerability Reported
Source: iDefense
References:
http://www.us-cert.gov/cas/techalerts/TA07-235A.html
http://www.kb.cert.org/vuls/id/204448
http://www.kb.cert.org/vuls/id/109056
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4218
Date: 2007-06-14