Subject: Re: What to do with a vulerability? - msg#00042
List: security.vulnerabilities
TB,
The request to the OP is to provide proof of concept
code that shows how a process can be hidden from view.
That proof of concept code does not need to be viral
in order to work properly.
--- The Blueberry <acr872k@xxxxxxxxxxx> wrote:
> >If you're wondering if a process hidden in this way can be detected, then
> >release a simple proof-of-concept program, and invite the list readers to
> >come up with a countermeasure. *****Your code needn't be viral or designed
> >to spread in any way.*****
>
> Please explain yourself a bit more because a non-viral code is easily turned
> into a viral one...
>
> ~TB
Previous Message by Date:
RE: Assorted Trend Vulns Rev 2.0
Rob:
> *******Trend Officescan password change/bypass*******
Trend Micro developed an administration tool called "CGI_NTFS". This Tool
is part of the toolbox which gets installed by default during the
OfficeScan installation. Since Officescan Version 5.02 this toolbox is
also available via the administration web interface. For deeper detailed
information please look into solution id#13353 in the solutionbank of
Trend Micro
(http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353).
> *******Trend Scanmail Password Bypass*******
Trend Micro is aware of this vulnerability and provides workarounds and
fixes at:
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13352
ScanMail for Exchange v3.81 (for Microsoft Exchange Server 5.5) and
ScanMail for Exchange v6.1 (for Microsoft Exchange Server 2000) are not
affected by this vulnerability.
> *******Trend Micro TVCS IIS Dos*******
> *******Trend Micro TVCS Log Collector*******
TVCS has been replaced through TMCM (Trend Micro Control Manager). This
product is not affected.
see also:
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html
regards
Herbert Tenhagen
ps: your mail was queued for 7 days at securityfocus before it was
announced at vuln-dev. That's the reason for the delayed answer.
...
Received: from outgoing3.securityfocus.com (outgoing3.securityfocus.com
[205.206.231.27])
by mail.client.tld (8.12.7/8.12.7) with ESMTP id h0KJTRlY552375
for <vuln-dev@xxxxxxxxxx>; Wed, 22 Jan 2003 00:15:36 +0100
Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 3DD41A5192; Fri, 17 Jan 2003 13:15:15 -0700 (MST)
...
Received: (qmail 27418 invoked from network); 15 Jan 2003 01:13:16 -0000
...
Date: Tue, 14 Jan 2003 17:44:20 -0800 (PST)
From: Rod Boron <rod_boron@xxxxxxxxx>
Subject: Assorted Trend Vulns Rev 2.0
To: vuln-dev@xxxxxxxxxxxxxxxxx
...
-----Original Message-----
From: Rod Boron [mailto:rod_boron@xxxxxxxxx]
Sent: Mittwoch, 15. Januar 2003 02:44
To: vuln-dev@xxxxxxxxxxxxxxxxx
Subject: Assorted Trend Vulns Rev 2.0
Trend Micro Assorted Vulnerabilities
Rev 2.0 01/14/03
Information
_____________________________________
I have had these sitting around for about a year and just said
"fawk it" and am giving 'em to the community to sort through
before they start growing edible fungi. Not even sure if they
work on newer versions of Trend software, too busy with other
matters and projects, but I'm thinking they just might. Some may
just be poor configuration and installation practices by the
user, who knows. No real magical bullet buffer overflows here,
just some weird web app practices. Most can be access controlled
or given stricter permissions at the OS level.
All of these "vulns", per se, can be accessed publicly on
servers with poor border controls. Fire up a friendly Google
session and see!
Despite these oddities, in my opinion, Trend still excels over
others in its capabilities and integration into a corp network.
Well, enjoy, discuss, criticize, elaborate, manipulate,
evaluate, but please don't devastate.
Rodney Boron
-Don't underestimate the subtlety of letting others
think they know more than you.
Rod_Boron-AT-Yahoo.com
*******Trend Officescan password change/bypass*******
http://x.x.x.x/officescan/cgi/cgiMasterPwd.exe
Allows you to skip the default
/officescan/cgi/cgiChkMasterPwd.exe
and create your own password to login with. Full
access to the web based Officescan
management page now granted. Hell, you can access
all the nice .exe's in the /cgi. This is easily
cured by correcting permissions and access to the
folder.
*******Trend Micro TVCS IIS Dos*******
http://x.x.x.x/tvcs/activesupport.exe
10 requests for this .exe will cause 10 instances of
ActiveSupport.exe to be started. Each consuming 2.5
M's of memory and causing a Dos effect on IIS lasting
for up to 5 minutes till each instance of the .exe
times out.
*******Trend Scanmail Password Bypass*******
http://x.x.x.x:16372/smg_Smxcfg30.exe?vcc=3560121183d3
Some magical backdoor Trend installed to bypass
authentication into their web management page for
Scanmail for Exchange. Does it work on other Scanmail
versions?
*******Trend Micro TVCS Log Collector*******
This one gives up the farm and the rooster's eggs.
huh?
http://x.x.x.x/tvcs/getservers.exe?action=selects1
Follow the steps 2-4 and download a very well endowed
zip file. Within holds the king's jewels. Trivial
encryption protects both the TVCS password and the
service user account and password. Bet lazy admins
are running Trend as administrator. Some other
enumeration goodies in there to tickle one's
imagination.
....................................................
Where "x.x.x.x" is equivalent to:
-----------== Vin Diesel ==-------------
in
"The Fast, the Furious, and the Fortran"
Next Message by Date:
RE: What to do with a vulerability?
When you think explicit thoughts and share them with others in detail you
may be found guilty of violating the DMCA or the Patriot Act.
Viral vs. non-viral is an unimportant distinction -- if you choose to engage
in this business, be sure you can document your good intentions and your
legal forensic procedures because they are your only legal defense against
prosecution.
Persecution, on the other hand, is a given.
Sincerely,
Jason Coombs
jasonc@xxxxxxxxxxx
-----Original Message-----
From: The Blueberry [mailto:acr872k@xxxxxxxxxxx]
Sent: Monday, January 20, 2003 5:00 PM
To: BlueBoar@xxxxxxxxxxx; oliver.lavery@xxxxxxxxxxxx
Cc: vuln-dev@xxxxxxxxxxxxxxxxx
Subject: Re: What to do with a vulerability?
>If you're wondering if a process hidden in this way can be detected, then
>release a simple proof-of-concept program, and invite the list readers to
>come up with a countermeasure. *****Your code needn't be viral or designed
>to spread in any way.*****
Please explain yourself a bit more because a non-viral code is easily turned
into a viral one...
~TB