[21236] in bugtraq
[SNS Advisory No.34] TrendMicro InterScan VirusWall 3.51 smtpscan.dll Buffer Overflow
daemon@ATHENA.MIT.EDU (SNS Advisory)
Thu Jun 28 15:05:14 2001
Date: Thu, 28 Jun 2001 17:30:17 +0900
From: "SNS Advisory" <snsadv@lac.co.jp>
To: BUGTRAQ <BUGTRAQ@securityfocus.com>
Message-Id: <20010628172950.C0CD.SNSADV@lac.co.jp>
SNS Advisory No.34
TrendMicro InterScan VirusWall 3.51 smtpscan.dll Buffer Overflow
Problem first discovered: Wed, 6 Jun 2001
Published: Thu, 28 Jun 2001
----------------------------------------------------------------------
Overview:
---------
A buffer overflow vulnerability was found in smtpscan.dll, one of the
administrative programs of InterScan VirusWall for Windows NT. It allows
a remote user to execute arbitrary commands with SYSTEM privileges.
If a long string is written into a certain configuration parameter by
exploiting the vulnerability reported in SNS Advisory No.28, a buffer
overflow occurs when the following DLL is requested:
http://server/interscan/cgi-bin/smtpscan.dll
The following memory dump and register contents were captured when the
buffer overflow occurred.
dump:
00F8E5C0 71 71 71 72 72 72 72 73 qqqrrrrs
00F8E5C8 73 73 73 74 74 74 74 75 sssttttu
register:
EIP=73727272 ESP=00F8E5C8
Therefore, arbitrary code may be executed by calling ESP, which points to
memory that can be replaced with attacker-supplied code.
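An added crash-triage example, not part of the original advisory: it
parses the dump and register values printed above and checks that the
value in EIP consists of ASCII bytes found on the dumped stack and that
ESP sits directly after the overwritten return-address slot. The function
names and the 8-bytes-per-line dump layout are assumptions of this example.

```python
import re
import struct

# Dump and register values exactly as printed in the advisory.
DUMP = """\
00F8E5C0 71 71 71 72 72 72 72 73 qqqrrrrs
00F8E5C8 73 73 73 74 74 74 74 75 sssttttu
"""
REGISTERS = "EIP=73727272 ESP=00F8E5C8"


def parse_dump(text, width=8):
    """Map address -> byte for 'ADDR b0 .. b7 ascii' lines (width bytes per line)."""
    memory = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 1 + width:
            continue  # not a dump line
        base = int(fields[0], 16)
        for i, tok in enumerate(fields[1:1 + width]):
            memory[base + i] = int(tok, 16)
    return memory


def parse_registers(text):
    """Return {'EIP': int, 'ESP': int, ...} from 'NAME=HEX' pairs."""
    return {n: int(v, 16) for n, v in re.findall(r"(\w+)=([0-9A-Fa-f]+)", text)}


def triage(dump_text=DUMP, reg_text=REGISTERS):
    """Check whether the faulting EIP is made of bytes found on the dumped stack."""
    mem, regs = parse_dump(dump_text), parse_registers(reg_text)
    eip_bytes = struct.pack("<I", regs["EIP"])  # x86 stores values little-endian
    # Address of the first 4-byte run in the dump equal to the value loaded into EIP.
    slot = next((a for a in sorted(mem)
                 if all(mem.get(a + i) == eip_bytes[i] for i in range(4))), None)
    at_esp = bytes(mem[a] for a in sorted(mem) if a >= regs["ESP"])
    return {
        "eip_ascii": eip_bytes.decode("ascii", "replace"),
        "eip_is_printable_input": all(0x20 <= b < 0x7F for b in eip_bytes),
        "return_slot": slot,
        # A RET pops 4 bytes, so ESP ends up just past the overwritten slot.
        "esp_follows_slot": slot is not None and regs["ESP"] == slot + 4,
        "bytes_at_esp": at_esp.decode("ascii", "replace"),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```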
Tested Version:
---------------
InterScan VirusWall for Windows NT 3.51 English
Tested OS:
----------
Windows NT 4.0 Server SP6a [English Version]
Patch Information:
------------------
To get the patch, send e-mail to support@support.trendmicro.com or
search this issue on
http://solutionbank.antivirus.com/solutions/solutionSearch.asp
Discovered by:
--------------
Nobuo Miwa (LAC / n-miwa@lac.co.jp)
Disclaimer:
-----------
All information in these advisories is subject to change without advance
notice or mutual consensus, and each advisory is released as is.
LAC Co., Ltd. is not responsible for any risks arising from the use of
this information.
References
----------
Archive of this advisory:
http://www.lac.co.jp/security/english/snsadv_e/34_e.html
SNS Advisory No.28 (TrendMicro InterScan VirusWall for NT remote
configuration Vulnerability)
http://www.lac.co.jp/security/english/snsadv_e/28_e.html
SNS Advisory:
http://www.lac.co.jp/security/english/snsadv_e/
LAC:
http://www.lac.co.jp/security/english/
------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv@lac.co.jp>
Computer Security Laboratory, LAC http://www.lac.co.jp/security/