SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Trend Micro OfficeScan Vendors:   Trend Micro
Trend Micro Office Scan (aka Virus Buster) Corporate Edition Discloses Passwords to Remote Users
SecurityTracker Alert ID:  1002551
SecurityTracker URL:  http://securitytracker.com/id/1002551
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 16 2001
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): tested on OfficeScan Corporate Edition Ver.3.53, Virus Buster Corporate Edition Ver.3.53
Description:   Secure Net Service reported a vulnerability in Trend Micro's OfficeScan antivirus software. A remote user could access configuration files that contain passwords.

The affected products are Trend Micro OfficeScan Corporate Edition and the Japanese version: Virus Buster Corporate Edition.

The vulnerability resides in the software's web management function. A remote user can reportedly access the /officescan/hotdownload without authentication. The ofcscan.ini configuration file is stored in this directory and can be viewed. The configuration file includes encoded passwords that can be readily decoded by a remote user.

Impact:   A remote user can obtain the configuration file and decode passwords contained in the file.
Solution:   No information was available at the time of this entry about a fix for OfficeScan Corporate Edition.

A patch for Virus Buster Corporate Edition is reportedly available at:

http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=3182

Vendor URL:  www.antivirus.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (NT), Windows (2000)
Underlying OS Comments:  Tested on Windows NT 4.0 Server + SP6a [English] and Windows NT 4.0 Server + SP6a [Japanese]

Message History:   None.


 Source Message Contents

Subject:  [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition) Configuration File Disclosure


----------------------------------------------------------------------
SNS Advisory No.44
Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition) Configuration File Disclosure Vulnerability

Problem first discovered: Wed, 29 Aug 2001
Published: Tue, 16 Oct 2001
----------------------------------------------------------------------

Overview:
---------
  A vulnerability was discovered in Trend Micro OfficeScan Corporate
  Edition (Japanese version: Virus Buster Corporate Edition) that allows
  remote attackers to access configuration files containing passwords.

Problem Description:
--------------------
  Trend Micro OfficeScan Corporate Edition (Japanese version: Virus 
  Buster Corporate Edition) is an antivirus software for enterprise use.
  This software provides real-time management, real-time configuration
  and updates pattern files on client machines from management console.

  When this software is installed, several virtual directories are 
  created in order to provide Web-based management console function.  
  However, attackers will be able to access one of these directories, 
  /officescan/hotdownload, without authentication.  In addition, the 
  file stored in this directory, ofcscan.ini, is the configuration file
  used by OfficeScan Corporate Edition. 

  If this vulnerability is exploited, an attacker will be able to gain 
  access to the configuration information from this file. Moreover, 
  although this file stores an encrypted password, it is possible to 
  decrypt it easily. For example, OfficeScan Corporate Edition has 
  encrypted the following character sequences, "12345":

     701F702132

  This string is generated by a specific algorithm and it is possible 
  to decrypt it easily.  If an application uses a duplicated password, 
  an attacker will be able to cause further impacts on the system.


Tested Versions:
----------------
  OfficeScan Corporate Edition Ver.3.53
  Virus Buster Corporate Edition Ver.3.53

Tested OS:
----------
  Windows NT 4.0 Server + SP6a [English]
  Windows NT 4.0 Server + SP6a [Japanese]

Solution:
---------
  A patch to fix this issue for Virus Buster Corporate Edition is 
  available at the following URL:

  http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=3182

  And we asked Trend Micro about the patch for OfficeScan Corporate 
  Edition, however we couldn't get any information.

Discovered by:
--------------
  ARAI Yuu (LAC)  y.arai@lac.co.jp

Disclaimer:
-----------
 All information in these advisories are subject to change without any 
 advanced notices neither mutual consensus, and each of them is released
 as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
 caused by applying those information. 

------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv@lac.co.jp>
Computer Security Laboratory, LAC  http://www.lac.co.jp/security/

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC