ID

VAR-200901-0445

CVE

CVE-2008-3864

TITLE

Trend Micro NSC Service disruption in module firewall service (DoS) Vulnerabilities

DESCRIPTION

The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field. Successful exploits may allow an attacker to crash an affected application, execute arbitrary code, or bypass security. 3) Missing authentication to the Trend Micro Personal Firewall service (TmPfw.exe) listening on port 40000/TCP by default can be exploited by any local user to manipulate the firewall configuration via specially crafted packets regardless of whether password restriction has been enabled for the configuration interface. The vulnerabilities are confirmed in versions 16.10.1063 and 16.10.1079. Other versions may also be affected. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2008-42/ http://secunia.com/secunia_research/2008-43/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ====================================================================== 2) Severity Rating: Less critical Impact: Denial of Service Privilege Escalation Where: Local system ====================================================================== 3) Vendor's Description of Software "Trend Micro Internet Security provides smart, up-to-date protection for your home network against present and future threats without slowing down your PC.". These can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges. 1) Input validation errors exist in the firewall service (TmPfw.exe) within the "ApiThread()" function when processing packets sent to the service (by default port 40000/TCP). These can be exploited to cause heap-based buffer overflows via specially crafted packets containing a small value in a size field. 2) Input validation errors exist in the firewall service (TmPfw.exe) within the "ApiThread()" function when processing packets sent to the service (by default port 40000/TCP). These can be exploited to crash the service via specially crafted packets containing an overly large value in a size field. ====================================================================== 5) Solution Apply patch for OfficeScan 8.0 SP1 Patch 1. ====================================================================== 6) Time Table 17/10/2008 - Vendor notified. 18/10/2008 - Vendor response. 14/12/2008 - Vendor provides hotfix for testing. 19/12/2008 - Vendor informed that hotfix fixes vulnerabilities. 18/01/2009 - Vendor issues fix for OfficeScan 8.0 SP1 Patch 1. 20/01/2009 - Public disclosure. ====================================================================== 7) Credits Discovered by Carsten Eiram, Secunia Research. ====================================================================== 8) References The Common Vulnerabilities and Exposures (CVE) project has assigned the following CVE identifiers: * CVE-2008-3864 (DoS via large size value) * CVE-2008-3865 (buffer overflow) Trend Micro: http://www.trendmicro.com/ftp/documentation/readme/ OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt ====================================================================== 9) About Secunia Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration: http://secunia.com/advisories/business_solutions/ Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security. http://secunia.com/advisories/ Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general: http://secunia.com/secunia_research/ Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions: http://secunia.com/corporate/jobs/ Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/advisories/mailing_lists/ ====================================================================== 10) Verification Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2008-42/ Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/ ======================================================================

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

input validation

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Carsten Eiram

SOURCES

LAST UPDATE DATE

2022-05-04T09:31:05.029000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE