|
|||||||
|
|
|
 |
|
|
Strumenti |
29-04-2009, 21:59
|
#1 |
|
Senior Member
Iscritto dal: Mar 2006
Messaggi: 22121
|
[NEWS] Multiple Trend Micro Products RAR/ZIP/CAB Files Scan Evasion Vulnerability
29 aprile 2009
Security Focus riporta un bollettino di sicurezza (Bugtraq ID 34763) in cui si spiega che è stata trovata una vulnerabilità in molti prodotti Trend Micro che permetterebbe di bypassare il controllo dell'engine antivirus ad alcuni file tipi compressi. Lo sfruttamento con successo di questa falla permetterebeb ad un attacker di distribuire file compressi contenenti codice malevolo che l'antivirus non rileverebbe. I tipi di file in questione sono il tipo compresso: RAR/ZIP/CAB. Soluzione: Al momento non esistono patch o nuove versioni dei programmi che risolvono il problema. Programmi/piattaforme e versioni fallate: Trend Micro Worry-Free Business Security 5.0 Trend Micro ServerProtect for Windows 5.58 Trend Micro ServerProtect for Windows Trend Micro ServerProtect for Novell Netware Trend Micro ServerProtect for Network Appliance Filer 5.62 Trend Micro ServerProtect for Network Appliance Filer 5.61 Trend Micro ServerProtect for Linux 1.2 Trend Micro ServerProtect for Linux Trend Micro ServerProtect for EMC 5.58 Trend Micro ServerProtect 5.5.8 Trend Micro ServerProtect 5.3.1 Trend Micro ServerProtect 5.7 Trend Micro ServerProtect 5.58 (Security Patch Trend Micro ServerProtect 5.58 Trend Micro Server Protect 5.58 Trend Micro ScanMail for Microsoft Exchange 6.1 Trend Micro ScanMail for Microsoft Exchange 3.81 Trend Micro ScanMail for Microsoft Exchange 3.8 Trend Micro ScanMail for Microsoft Exchange 6.2 Trend Micro ScanMail for Domino 2.51 Trend Micro ScanMail for Domino 2.6 Trend Micro OfficeScan For Microsoft SBS 4.5 - Microsoft Windows NT 4.0 Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.13 - Microsoft Windows NT 4.0 Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.11 - Microsoft Windows NT 4.0 Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.5 Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.1.1 Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.0 Trend Micro OfficeScan Corporate Edition for SMB2.0 6.0 Trend Micro OfficeScan Corporate Edition 7.0 Trend Micro OfficeScan Corporate Edition 6.5 Trend Micro OfficeScan Corporate Edition 5.58 Trend Micro OfficeScan Corporate Edition 5.5 Trend Micro OfficeScan Corporate Edition 5.0 2 Trend Micro OfficeScan Corporate Edition 3.54 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Novell Netware 5.1 - Novell Netware 5.0 - Novell Netware 4.11 - Novell Netware 4.1 - Novell Netware 3.1.2 Trend Micro OfficeScan Corporate Edition 3.13 - Microsoft Windows 3.1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Novell Netware 4.11 - Novell Netware 4.1 Trend Micro OfficeScan Corporate Edition 3.11 - Microsoft Windows 3.1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Novell Netware 4.11 - Novell Netware 4.1 Trend Micro OfficeScan Corporate Edition 3.5 - Microsoft Windows 3.1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Novell Netware 4.11 - Novell Netware 4.1 Trend Micro OfficeScan Corporate Edition 3.0 Trend Micro OfficeScan Corporate Edition 8.0.patch build 1042 Trend Micro OfficeScan Corporate Edition 8.0 SP1 Patch 1 Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 Build 11 Trend Micro OfficeScan Corporate Edition 8.0 Trend Micro OfficeScan Corporate Edition 7.3 Build 1314 Trend Micro OfficeScan Corporate Edition 7.3 Trend Micro OfficeScan Corporate Edition 7.3 Trend Micro OfficeScan Corporate Edition 7.3 Trend Micro OfficeScan Corporate Edition 7.0 Trend Micro OfficeScan Corporate Edition 6.5 Trend Micro OfficeScan Corporate Edition 6.0 Trend Micro OfficeScan 8.0 Service Pack 1 P - Microsoft Windows 3.1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Novell Netware 4.11 - Novell Netware 4.1 Trend Micro OfficeScan 8.0 Service Pack 1 - Microsoft Windows 3.1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Novell Netware 4.11 - Novell Netware 4.1 Trend Micro OfficeScan 8.0 - Microsoft Windows 3.1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Novell Netware 4.11 - Novell Netware 4.1 Trend Micro OfficeScan 7.3 - Microsoft Windows 3.1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Novell Netware 4.11 - Novell Netware 4.1 Trend Micro OfficeScan 7.0 Trend Micro Office Scan 7.3 Trend Micro InterScan WebSecuritySuite for Linux 1.0 ja Trend Micro InterScan WebSecuritySuite for Linux Trend Micro InterScan WebSecuritySuite for Linux Trend Micro InterScan WebSecuritySuite for Linux Trend Micro InterScan WebProtect for ISA Trend Micro InterScan WebManager 2.1 Trend Micro InterScan WebManager 2.0 Trend Micro InterScan WebManager 1.2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT Server 4.0 Trend Micro InterScan WebManager 1.2 Trend Micro InterScan Web Security Virtual Appliance 3.1 Trend Micro InterScan Web Security Suite for Windows 3.1 Trend Micro InterScan Web Security Suite for Windows Trend Micro InterScan Web Security Suite for Solaris Trend Micro InterScan Web Security Suite for Linux 3.1 Trend Micro InterScan Web Security Suite for Linux Trend Micro InterScan Web Security Suite 2.5 Trend Micro InterScan VirusWall Scan Engine 7.510 -1002 Trend Micro InterScan VirusWall for Windows NT 5.1 Trend Micro InterScan VirusWall for Windows NT 3.52 build 1466 Trend Micro InterScan VirusWall for Windows NT 3.52 - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP2 - Microsoft Windows NT Terminal Server 4.0 SP1 - Microsoft Windows NT Terminal Server 4.0 alpha - Microsoft Windows NT Terminal Server 4.0 - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 Trend Micro InterScan VirusWall for Windows NT 3.51 - Microsoft Windows NT 3.5.1 SP5 - Microsoft Windows NT 3.5.1 SP4 - Microsoft Windows NT 3.5.1 SP3 - Microsoft Windows NT 3.5.1 SP2 - Microsoft Windows NT 3.5.1 SP1 - Microsoft Windows NT 3.5.1 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows NT 3.5 Trend Micro InterScan VirusWall for Windows NT 3.6 Trend Micro InterScan VirusWall for Windows NT 3.5 - Microsoft Windows NT 3.5.1 SP5 - Microsoft Windows NT 3.5.1 SP4 - Microsoft Windows NT 3.5.1 SP3 - Microsoft Windows NT 3.5.1 SP2 - Microsoft Windows NT 3.5.1 SP1 - Microsoft Windows NT 3.5 Trend Micro InterScan VirusWall for Windows NT 3.4 - Microsoft Windows NT 4.0 Trend Micro InterScan VirusWall for Windows Trend Micro InterScan VirusWall for Unix 3.6 x Trend Micro InterScan VirusWall for Unix 3.0.1 Trend Micro InterScan VirusWall for SMB Windows NT Trend Micro InterScan VirusWall for SMB Linux Trend Micro InterScan VirusWall for SMB Trend Micro InterScan VirusWall for AIX Trend Micro Interscan Viruswall (Solaris) 3.6 Trend Micro Interscan Viruswall (Linux) 3.6 Trend Micro Interscan Viruswall (Linux) 3.1 Trend Micro Interscan Viruswall (Linux) 3.0.1 Trend Micro Interscan Viruswall (Linux) 3.81 Trend Micro Interscan Viruswall (HP-UX) 3.6 Trend Micro InterScan VirusWall 3.52 Trend Micro InterScan VirusWall 3.32 - Microsoft Windows NT 4.0 Trend Micro InterScan VirusWall 3.8 Build 1130 Trend Micro InterScan VirusWall 3.7 Build 1190 Trend Micro InterScan VirusWall 3.7 Trend Micro InterScan VirusWall 3.6 Build 1182 Trend Micro InterScan VirusWall 3.6 Build 1166 Trend Micro InterScan VirusWall 3.6 Trend Micro InterScan VirusWall 3.3 - Microsoft Windows NT 4.0 Trend Micro InterScan VirusWall 3.2.3 - Microsoft Windows NT 4.0 Trend Micro InterScan VirusWall 3.0.1 Trend Micro InterScan Messaging Security Suite for Windows Trend Micro InterScan Messaging Security Suite for Solaris Trend Micro InterScan Messaging Security Suite for Linux 5.1.1 Trend Micro InterScan Messaging Security Suite for Linux Trend Micro InterScan Messaging Security Suite 5.5 .1183 Trend Micro InterScan Messaging Security Suite 5.5 Trend Micro InterScan Messaging Security Suite 3.81 Trend Micro InterScan eManager 3.51 j - Trend Micro InterScan VirusWall 3.32 - Trend Micro InterScan VirusWall 3.3 - Trend Micro InterScan VirusWall 3.2.3 - Trend Micro InterScan VirusWall 3.0.1 - Trend Micro InterScan VirusWall for Windows NT 3.51 - Trend Micro InterScan VirusWall for Windows NT 3.5 - Trend Micro InterScan VirusWall for Windows NT 3.4 Trend Micro InterScan eManager 3.51 - Trend Micro InterScan VirusWall 3.32 - Trend Micro InterScan VirusWall 3.3 - Trend Micro InterScan VirusWall 3.2.3 - Trend Micro InterScan VirusWall 3.0.1 - Trend Micro InterScan VirusWall for Windows NT 3.51 - Trend Micro InterScan VirusWall for Windows NT 3.5 - Trend Micro InterScan VirusWall for Windows NT 3.4 Trend Micro InterScan eManager 3.6 For Sun - Sun Solaris 2.6_sparc Trend Micro InterScan eManager 3.6 For Linux Trend Micro InterScan eManager 3.5.2 For Windows - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 Trend Micro InterScan eManager 3.5 For HP Trend Micro Internet Security Suite 2007 0 Trend Micro Internet Security Pro 2009 Trend Micro Internet Security Pro 2008 Trend Micro Internet Security 2009 Trend Micro Internet Security 2008 Trend Micro HouseCall 6.51 1028 Trend Micro HouseCall 6.6 1285 Trend Micro HouseCall 6.6 1278 Trend Micro HouseCall 5.7 Trend Micro HouseCall 5.5 Classe falla: Input Validation Error Falla scopewrta da: Thierry Zoller Advisories d'origine: TZO-172009 - Trendmicro RAR,CAB,ZIP (Thierry Zoller) [TZO-17-2009]Trendmicro multiple bypass/evasions (Thierry Zoller ) Addendum: [TZO-17-2009]Trendmicro multiple bypass/evasions (Thierry Zoller ) Fonte: SecurityFocus
__________________
Questa opera è distribuita secondo le regole di licenza Creative Commons salvo diversa indicazione. Chiunque volesse citare il contenuto di questo post deve necessariamente riportare il link originario. |
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 19:06.
