Title: Trend Micro Interscan Viruswall Multiple Program Buffer Overflow Vulnerability
Severity: HIGH
Description:
Interscan Viruswall is a virus-scanning software package distributed and maintained by Trend Micro. It is designed to scan for virus occurrences in both incoming and outgoing SMTP, FTP, and HTTP traffic at the network gateway.
Two problems in the Interscan Viruswall package, when combined, make it possible for a remote user to execute arbitrary commands as root and potentially gain local access to the Viruswall system.
Included with Interscan Viruswall is a web-based administration interface called ISADMIN. This service is the CERN httpd v3.0 running on port 1812 of the Viruswall system.
The first problem is that multiple programs in the CGI directory contain buffer overflows. Because of insufficient bounds checking and input validation, it is possible to execute arbitrary commands through most of the programs in the CGI directory of the HTTP daemon.
The second problem is that the CERN httpd insufficiently controls access to programs in the CGI directory. The CERN HTTP daemon, as installed with the Viruswall package, runs with root privileges. Its access control settings do not allow users to directly execute programs ending in the .cgi suffix. However, four programs within the CGI directory do not end in the .cgi suffix and may be executed directly by requesting the program's URL with its file name and extension.
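A defender's check for the second problem, as an added example that is not part of the original advisory: it lists executables in a CGI directory that a suffix-based access rule does not cover. The `*.cgi` glob, the function names and the sample file names are assumptions constructed for illustration, not the product's real configuration or program names.

```python
import os
import stat
import tempfile
from fnmatch import fnmatchcase

# Assumption: the server's rule denies direct requests matching this glob.
PROTECTED_PATTERNS = ("*.cgi",)
ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def unprotected_cgi_programs(cgi_dir, protected=PROTECTED_PATTERNS):
    """Return executables in cgi_dir that no suffix-based rule covers."""
    exposed = []
    with os.scandir(cgi_dir) as entries:
        for entry in entries:
            if not entry.is_file():          # skip directories, sockets, etc.
                continue
            if not entry.stat().st_mode & ANY_EXEC:
                continue                     # not runnable as a program
            if any(fnmatchcase(entry.name, p) for p in protected):
                continue                     # covered by the deny rule
            exposed.append(entry.name)
    return sorted(exposed)


def build_sample_dir():
    """Create a constructed CGI directory; all file names are hypothetical."""
    root = tempfile.mkdtemp(prefix="cgi-audit-")
    sample = {
        "status.cgi": 0o755,      # executable, covered by *.cgi
        "report.cgi": 0o755,      # executable, covered by *.cgi
        "example_tool": 0o755,    # executable, no .cgi suffix -> exposed
        "example_helper": 0o755,  # executable, no .cgi suffix -> exposed
        "README": 0o644,          # not executable, ignored
    }
    for name, mode in sample.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for name in unprotected_cgi_programs(build_sample_dir()):
        print("reachable without .cgi rule:", name)
```

Anything the check reports should be removed from the directory or brought under an explicit access rule rather than relying on the file suffix.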
Affected Products:
- Trend Micro Interscan Viruswall (Linux) 3.0.1