ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: iDefense Security Advisory 12.14.05: Trend Micro ServerProtectEarthAgent Remote DoS Vulnerability



> -----Original Message-----
> From: 
> idlabs-advisories-bounces+vladimir.kazennov=billing.ru@xxxxxxx
> defense.com 
> [mailto:idlabs-advisories-bounces+vladimir.kazennov=billing.ru
> @lists.idefense.com] On Behalf Of iDEFENSE Labs Security Advisories
> Sent: Wednesday, December 14, 2005 10:43 PM
> To: Idlabs-Advisories@xxxxxxxxxxxxxxxxxx
> Subject: iDefense Security Advisory 12.14.05: Trend Micro 
> ServerProtectEarthAgent Remote DoS Vulnerability
> 
> Trend Micro ServerProtect EarthAgent Remote DoS Vulnerability
> 
> iDefense Security Advisory 12.14.05
> www.idefense.com/application/poi/display?id=356&type=vulnerabilities
> December 14, 2005
> 
> I. BACKGROUND
> 
> Trend Micro Inc.'s ServerProtect provides antivirus scanning with
> centralized management of virus outbreaks, scanning, patter file
> updates, notifications and remote installations. More 
> information about
> the product set is available at:
> 
>  www.trendmicro.com/en/products/file-server/sp/evaluate/overview.htm
> 
> II. DESCRIPTION
> 
> Remote exploitation of a denial of service vulnerability in 
> Trend Micro
> Inc.'s ServerProtect EarthAgent daemon allow attackers to cause the
> target process to consume 100% of available CPU resources.
> 
> The problem specifically exists within ServerProtect EarthAgent in the
> handling of maliciously crafted packets transmitted with the 
> magic value
> "\x21\x43\x65\x87" targeting TCP port 5005. A memory leak also occurs
> with each received exploit packet allowing an attacker to exhaust all
> available memory resources with repeated attack.
> 
> III. ANALYSIS
> 
> Successful exploitation of the described vulnerability allows
> unauthenticated remote attackers to consume 100% CPU resources,
> increasingly consume memory resources and potentially crash the
> underlying operating system. Full CPU utilization can be 
> achieved with a
> single packet, memory consumption occurs incrementally on subsequent
> attacks.
> 
> IV. DETECTION
> 
> iDefense has confirmed the existence of this vulnerability in Trend
> Micro ServerProtect for Windows Management Console 5.58 running with
> Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup
> Server 1.1. It is suspected that earlier versions and 
> versions for other
> platforms are vulnerable as well.
> 
> V. WORKAROUND
> 
> Employ firewalls, access control lists or other TCP/UDP restriction
> mechanisms to limit access to vulnerable systems on TCP port 5005.
> 
> VI. VENDOR RESPONSE
> 
> The vendor has released the following security advisory for 
> this issue:
> 
>  http://kb.trendmicro.com/solutions/search/main/search/
>  solutionDetail.asp?solutionID=25254
> 
> "Contact Trend Micro Technical Support to request for the
> SPNT5.58_HotfixB1137.zip file, which should only be installed 
> on servers
> running SPNT 5.58."
> 
> VII. CVE INFORMATION
> 
> The Common Vulnerabilities and Exposures (CVE) project has 
> assigned the
> name CVE-2005-1928 to this issue. This is a candidate for inclusion in
> the CVE list (http://cve.mitre.org), which standardizes names for
> security problems.
> 
> VIII. DISCLOSURE TIMELINE
> 
> 06/03/2005 Initial vendor notification
> 06/05/2005 Initial vendor response
> 12/14/2005 Public disclosure
> 
> IX. CREDIT
> 
> This vulnerability was discovered by Pedram Amini, OpenRCE
> (www.openrce.org).
> 
> Get paid for vulnerability research
> http://www.iDefense.com/poi/teams/vcp.jsp
> 
> Free tools, research and upcoming events
> http://labs.iDefense.com
> 
> X. LEGAL NOTICES
> 
> Copyright (c) 2005 iDefense, Inc.
> 
> Permission is granted for the redistribution of this alert
> electronically. It may not be edited in any way without the express
> written consent of iDefense. If you wish to reprint the whole or any
> part of this alert in any other medium other than 
> electronically, please
> email customerservice@xxxxxxxxxxxx for permission.
> 
> Disclaimer: The information in the advisory is believed to be accurate
> at the time of publishing based on currently available 
> information. Use
> of the information constitutes acceptance for use in an AS IS 
> condition.
> There are no warranties with regard to this information. Neither the
> author nor the publisher accepts any liability for any 
> direct, indirect,
> or consequential loss or damage arising from use of, or reliance on,
> this information.
> _______________________________________________
> To unsubscribe, go here:
> http://www.idefense.com/mailman/listinfo/idlabs-advisories
> 




 




Copyright © Lexa Software, 1996-2009.