Bugtraq mailing list archives
TrendMicro OfficeScan tmlisten.exe DoS
From: JStevens () UMEME MAINE EDU (Jeff Stevens)
Date: Fri, 25 Feb 2000 17:10:17 -0500
While playing around with nmap I managed to pull down a bunch of our NT workstations running OfficeScan. This could potentially be used as a DoS attack to bring down any NT machine running OfficeScan. I used the following command where machine.domain.com is a Windows NT machine running either SP 4 or 5 or a Win2k RC3 box.

    nmap -sT -O -p 12345 machine.domain.com

One of three things can happen:

(1) Nothing -- rare but it does happen.
(2) The machine slows to a halt as tmlisten.exe pulls 100% CPU.
(3) Visual C++ error as tmlisten.exe crashes.

OfficeScan 3.5, scan engine 5.100 and pattern file 663 are running on the target machine. (all current)

I can also make the process dump with a Visual C++ error if I send a bunch of data via telnet.

Upon contacting Trend via phone, they said they were aware of a similar problem with earlier versions but version 3.5 has been fixed. They are looking into it.

Curious if anyone else can recreate this? Or give me a set of addresses and I'll see if I can! :^)

Jeff Stevens
Network Administrator
Civil/Mechanical Engineering
5711 Boardman Hall, Room 17
Orono, ME 04469
(207) 581-2140