Home

Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflow

Notification Type:	IBM Internet Security Systems Protection Advisory
Notification Date:	November 11, 2008
Notification Version:	1.0

Name:	Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflow
Public disclosure/ In the wild date:	November 11, 2008 (vuln disclosure)
CVE:	CVE-2006-5269
Description:	Trend Micro Server Protect [PROCEDURE NAME REDACTED] is vulnerable to a heap-based buffer overflow.
Discoverer:	David Dewey of IBM X-Force

ISS Coverage

Product	Content Version
Proventia Network IDS Proventia Network IPS Proventia Network MFS Proventia Server (Linux) RealSecure Network RealSecure Server Sensor	1.95 24.56
Proventia Desktop Proventia Server IPS (Windows)	1960

Propagation Techniques	ISS Protection	Available
remote exploit	MSRPC_AV_Heap_Overflow	Feb 15, 2007

Detailed Description

Business Impact:	Compromise of networks and machines using affected versions of ServerProtect may lead to exposure of confidential information, loss of productivity, and further network compromise. An attacker does not need to entice any kind of user interaction to trigger this vulnerability. Successful exploitation would grant an attacker the privileges of the ServerProtect account.
CVSS	Base Score:		10
		Access Vector:	Remote
		Access Complexity:	Low
		Authentication:	Not Required
		Confidentiality Impact:	Complete
		Integrity Impact:	Complete
		Availability Impact:	Complete

	Adjusted Temporal Score:		8.5
		Exploitability:	Unproven
		Remediation Level:	Unavailable
		Report Confidence:	Confirmed
Affected Products:	For a full list of affected versions, see references below.
Technical Description:	[REDACTED]
Remediation:	A patch released in May 2008 somewhat mitigates access to this vulnerability. However, the vulnerability is still resident and easily accessible.

References

XFDB:	http://xforce.iss.net/xforce/xfdb/31113
FrequencyX Blog:	http://blogs.iss.net/archive/trend.html
Trend:	http://www.trendmicro.com/download/product.asp?productid=17

Revision History

1.0	Initial publication.

About IBM Internet Security Systems
IBM Internet Security Systems is the trusted security advisor to thousands of the world's leading businesses and governments, providing pre-emptive protection for networks, desktops and servers. An established leader in security since 1994, the IBM Proventia® integrated security platform is designed to automatically protect against both known and unknown threats, helping to keep networks up and running and shielding customers from online attacks before they impact business assets. IBM Internet Security Systems products and services are based on the proactive security intelligence of its X-Force® research and development team – the unequivocal world authority in vulnerability and threat research. The Internet Security Systems product line is also complemented by comprehensive Managed Security Services and Professional Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.