|
|
|
Highly-Critical Flaw Discovered in Trend Micro Products
By: Don E. Sears
2007-02-08
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
Anti-virus software maker Trend Micro is the latest security vendor to have potential malware problems on its hands with reports of buffer overflow vulnerabilites in its products.A dangerous buffer-overflow flaw in Trend Micro anti-virus software products was reported by Trend Micro and confirmed by security researchers at iDefense Labs.
Researchers at Secunia have also posted an advisory on this vulnerability and have deemed this to be highly critical.
This flaw can be exploited in both Windows and Linux systems, and could be used to gain access to machines, cause DOS (denial of service) activity and allow attackers total control of affected systems.
Trend Micro responded to the vulnerability by pushing out a patch that a company spokesperson says fixes the issue.
"We have seen no cases in the wild, but Trend Micro moved quickly on this because, like others, we understand the highly critical nature of this issue," a company representative told eWEEK.
The vulnerability targets all scan engine and pattern file technology in Trend Micro products due to an error within UPX (ultimate packer for executables) compressed executables. This error can be exploited to cause buffer overflow processes when scanning a uniquely designed UPX file.
In Windows, the scan engine runs in kernel context. Under Linux, the scan engine runs as a daemon with superuser privileges, hence the ability to have complete system control.
iDefense reports that the following configurations are vulnerable:
Trend Micros PC-Cillin Internet Security 2007
VsapiNI.sys (scan engine) version 3.320.0.1003
ServerProtect for Linux v2.5 on RHEL 4.x
vsapiapp version 8.310
Trend Micro said that the majority of its customers use automatic updates, and therefore received the patch that fixes the problem within 24 hours.
 Trend Micro targets SMBs with security offering. Click here to read more.
"Trend Micro is including the fix in VSAPI 8.5, which is expected to launch in Q2 2007. In the meantime, Trend Micro has created a pattern update (4.245.0) to detect this vulnerability. The pattern update was made available on February 5, 2007," said the company spokesperson.
For those customers that do not use automatic updates, Trend Micro highly recommends that its customers update to Virus Pattern File 4.245.00 or higher.
Representatives from iDefense and Secunia could not be reached for comment at the time of this reporting.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
|
|
�������xr80�VӮc"u]RleMYR:6BA6ErHʶw^9/ϸ�xӅ|>[.["�2H$���Iȥ�=&�ǘYO�cSݣ&}$5~]
4I=�
ˑ�ԫ
9S]M�HwW3fcө�P/�?`���᳑(,���߱L㘄[t�>r@ߩ�2tS�6B�!|DJT%h�!G�Q�C=~'�f�^��B(ʻ�F�{iki#2��hj9�W�{7v!6^�;�s9ȹ�3oGh�=7d9c';���{ �-�,v2M*5f�б�w8r��x08JeJ-jfMM�yf��_%z�(s�w6O(�|@��ɠi!ZdQ=}9e��f42M�YU\>TkqZ��J{Q!`چ[={4q*sܼL_{awվΑ��CK5-'4�Ptڧ7^O[a\b'H
Hw&�Z.��JX<&ȇ �T|5�{�P\㍒~wnFtXT�Z, Ԏ$0L"�J�1~̢(Cdv&?[ZWM"MuYf0R*C�A-tV?#{Sjq{~v|q۾:y>O[=d/#t:�+?fV'Z[�1?o!qj{ d�P[w8LwZ|()�?uO_[d�@O'Sdx*g3~��47Q[h,r$�brF~DX
V�� Q3o�F5
tA��%94ȔS�Hu��t9�~}E!ot�U&T3o`��2��4��g}=w
�a4z�AL4�&:h�)5?�&1gMa�b&DJH7�Q��mR^(Pe!P샚_.[�
jƫTwPH7#DD��v�x�W��"ʥ��c�p1SUҽTwsQ��[�\48�N>]7Du..*s5-wax�aZ*;�{8o5nZgwݽuS5?`�g�",�$��Mm{QV�c1xJ�,ՎKPp��@8ʍ�??1m!S[�ö@
.S��i3+k~�L�>��:NR�m�)5ٴ>l;4�}t>�$>hhƋM�ri\OL�r�Ӈ�u4A���ͣn]=&tfo7,Abχ��a`Ns!FAтMx>t�T�ێ�]6}l2���9<8�L&&�zrWt��#`���V���PCh��' 6)�@}�9\P�lv64-0���3�R�P|'sZ(�w^`3�2(%łdhs�� 4.gP)AH �=k��� ���99�
��0#!b\JZ2'9\v{B#�;�\~,gr)eb -d[b�~I�l�
eV&vϺZLboD��6�]�,�S�m3-m�u{V+E�6
��Z`L�&�yJ\P
!0G@.(Læo0吶=4u�3x�tw�O8'Â[|s|k42u��Z|'1MTl2q�)Ln�4W,}}Т̇,h"[{nkSS)4+��pL�4C�}�52{B;`n93c]edң!}?�p*JNC֬zoj�Y
�r�>5mV�AL �
�|�U=kb�$`~f�
=D8آ\Qۂ+6B`�Sքc'M}Xt�ykyW��>Ѐ�ap���"=����jA���46�\,0�|*W*Uˈ`n�+V/(��% 7]@�.�&D��~?DNQ}G=.C+DÜU^of��.$jXUcrxɡV�\=.)j�8+�3??]e��t4R��8�p{�V�v0aE�>yL��Z<5}�˰"U
�ӕ
~�>V:6ʼnG �q?@�TEe¹3�`��Qе�a�⢉�!h�3����4khý23URzJU;OP,�;Ђw>k-4gsF;d�E.WԴ'�*�5P6>*�09Nf~kӥ��
{ݮ�#fu>L:k}��\W
ZQa߯Y_�c7{)h�"QkF&��FdH�t=Έ#6RPϘT<˯!'�8՞o��F* ϛ=G$1�*@7Z �3�e�4z�JE晛>�75;V`]z2M�>r97poj%ϴ@�(1s3ѹtNsl s�ƻ~rn�Af �D�|*�8 F�:+6,~x�VfO6)E|�\D"pLn�ap�zGdD"9ks-!��an�~/I6�0�&|�wBP��r\�9HÞ1|M��}Yy^4�6(�}P�c�
ʌ�P@ZhOXM\ ֮oLspI�['�ML��Uh-[J_�kA~�f:X)c=+ͦ'0R 7TQԀO>cO3(~�}$DC9�u�z~�RTX�]\H&#UT-Vr!^萫YQ]A�ӀM\rOkhs%p}�/O&PFͧzM*E�q4I#̸yF0.Ɨ!��s�kg�O�̦w0@M\6{%]M茻l^!�Lc̚úe$i`U\&LX4 �Z�LT!wOLIjVڳ$|p`����F�"{qT2N6�
�`i8~{L(}׆7{%�%u}Au�y?`�yA�ѰIv�NCJ|I{ٽe%%{�wE�s5A n2H#�O!yN/[͛FS�L�o2�Y�Grz��I]a3+"A�KuÙ�c�ª9�I.Dz=d_U�g0�Ttx-�ͣ ېcoE�9�º�Y�PH2'_1�a�
c��{ z�H)'4
�geKtZ;3^v}dh��!��:�e�}E/R)Q\(뉞�OYY{L�$')��^(0[JӷoHW蘧Y;GD{_q+5s��z4~&�\1Z9ntL�d��Ծl���j?&i^�K_����o�E
p�ASB�9kթ-ݱi'>�eax!w,(qB;DQ2�Ea~�=m2결t]$�<2ON)tJȓ$�E�=�)�I"8IUF4A2�uIH?�Md�4XPW
PقW�
$O�krwisq�^]|عmD20��@u�\f0 `�q�o6/É@P� V��0k{R̵jПjs2]��>^Y��]s6�ͥ��ŠO8E�{�wmhG(WP�EıTrk�c��qM/unWe�gL5F�?K}ҼnHK�09iJs j�BGH|9zÿ|§ �� �{s�\3g伉)ћNۨ��{25[t_?I/K턟��y�cP!X�Sω%٘NB�EW�5vln(+"sᔤ\E㳏)G8}���boZ�0d&'zvA�JG3[gȞ�x~G7�bR�c�o�?}Y>�]f+w�PxI9뻿PŞYiYU�/J\�-"Pnx {qI%.ts�?.J`\T�y^v} ,$>?Ggo[#D:*pcM�_�'�2>6,eM��ʧGq!F�JP*y8sv�NLG>@B.��ȭi/
ZM��G�/
Q*y�
vPVkØ>�YB2^7&D4�6n֣�ct|r�_>�t8ͩg �r̓�QWJ�EŇqE[=];L_�h2wf4�D#
u�/8� \�$�,g�Ě`**o�?e<�d��6s�#=E���BǏ�at��ak\�6F:�*obL2^_aAkﳡ?KxfX5>!DD`GNJl�uJ �c��hdQ1OҀ�0fQ/�y�y�9��2h�
ZN�Z:ˏ�W��p�A$~�%]Z,���JH
"A(RTVI��77�o9_c-����K#h9G{icM7��|
FtE�`��'�rni��� �̌gz��T1.�Vd�pR� \���.apI�w!#�=�$Ғ�2%k'$S xb�WN7ހV*�jo�3xP}:�ơ�%[Go(>h�NQv}t9��qu�Cx�g�+XǤhH��ˏo �ח>,0-
(?"#sTf8��CjaV+d1C� � �PLDv6��Y@o}c��>K,b�o�6ө �.EYL� ��� ��mn��q .o8e)�n>�g�v�D��
o<1@�C�&ŕ�wmsBXDb+ g�jK D��ƶo>e(ZX6�J9%CvCR��Ž}}}}oRU}z ��K)ff@����,f;}0yPL�#$� �QjIAPdk3y Ʀ7�K�eמs�f/8Ù�Hh
~f&^L�ardG4� N�lJΈ=�KRV6߈kpIDDul0|�`K߮~A*.� \%`ta>>>>o܇U+Wʕ�+|Op<�&➅Dd>.3K��|u2\^c;_͡էMI�\h4*
5EUXSª�,X�Fa%�kl|y"|{��ͽhi[.F3
d�9C,$���WdעPD'RĊ�[CȔ�ԟ�&Ԟ�l&i*Ǜ��\� >��@�oqBx;-ڍ_j~�38z`b��H^+%4��=y:M�{q�SӮMfudBt/�k?0�R_HtLHJ�~P�c+@m�S�U|�[`8NËE.� {E]_[ͮ=:�{)e۬R?fW'1}̼ٔ��z�(� �ʬ�k2�$I1�Ʊ�'}m^8cET2̭,&df[,��j�9^$rhybuK�ɸ�)x/�)�pSoE\�ޞ�q'�H|�pBtk �6٦KMµ5Aʥ�8IVQ��D#�<$B&Ub[
�BYTjn��SsӗǎBU�0=�rA�ޚ6n �U
cjF%�-1|z`9N/B�.�kXGl7K1�eTUR4Ϛ�ώy]Wv)ed9_K>HP.$�w;��/�a>>(�-^awUqjki\k襍ڕESIC��9�7�x.e%&o[I{u
�>dy|ә-ԧOyюM-۠[.н2%&hP�jߛc�j۫u)���+K,�d�0̊�۲T�m5΅4� ¨ӔEJN`�srٚmj�x6�ep��:�IϥŁ3_SJ }+WQ�^߈�f�VܞVk}H�`�@�vʹMh%!mF(hdtixu����bh 2
\�TcЭ�B)˪M;InP}wY?e=`
�'�24/x߹[!ʣZ+=Nl~'�&u�*�3�;4nZ4�XAD鄎 /Q&}^�8��:{bR=P[���8�'�6/�|�T�3/b=3-Ѩ#�^j>xA�U�1K= o~{@Cr
�q�,�-D||z['AU}�H?Km1.|�+62s��Ո��^��_�Ѻm>"?4ۗuۻl�zx�d!ϝ�k��֜ݬM5q/+ 膧d3�w�3O'vѻ�
2�Y�s�MǤZg �45`B���RA~�9�F
8Ï }]pz5sʱ
E�qgf5?��"�d`Y�Vx.31ƚ ��LP
O"cg;ql>;ks�o�2&��6LG�4 (Tƨz�)6�Iϐ�R(�31P
EY/j56��:\-5,l$9�=�A�Sh4�WϛW5���EXI%�9r\鱻�$0\d�~\g;Tlv[�i>Z�Oe��;BI<ş!�j�52Gd!᳤c�*5�S�2m-(E.ir�}7��|In[zQڗ�E@1agG�۶fWҎ_ϒw.
$Cb9G8]!
MAE3`A�]|e�D$�
�E/f���/b����A&{禍~/;vc�SF)f���'NFp)hN�<}y?٢�uK�ğopm�.�; +C�&:bz:SA\W �(|�x@NlMÛn-jīc� *۳|�?��O�e L�t8͡o�0�kn>ʷQ$�Lys�i�zQ�ZtEVb05�yMvSFߟ�2"�L�-� �ԢLSg(\*],1Ał?�vLw׳��9
3/�&U@NDqDgP;�mmlP/>¼yOW=�Ofu�ݍ2Jtmk%�C>KrX}P/):�OOg�sZ�%+_��H�v�"�݂�,c �0У,*05bys::hՆG���X�xЬ;�[)�qy6` <Щ0�\bXe�ܔ�1uF:]�khT[_�)^UD'�����^k'gym/�|Ua=r�k��s�c&igNb�kc/�φŀ��d_q�x�N|L/�X�ث|�g)C2^#s!o�YX&�7ęV�/kti�(�aa��X�jA@�`�V\3zf7tZ�Ю�3q7M�&�Cg�a+cPMYjcL1G�],@�<�փP��=`#hxb�<���nh1)�d'kI����'�R$la,�:�r3 ;Ej z.�1��R04.xq�Ba��ʩȩ(v�}_|J�Ѭd�;��π/(8�3}E.tqea�#�Vt*N�`wX{y�B(ϻW}i_~9!3��*`.gq^V>!2D!6�xVEhEi{�şwyMՙ�h,)Z�Y+
AHc]7W�/e={`o��3�g�
|
Network Security & Hardware 
