Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[SNS Advisory No.35] TrendMicro InterScan VirusWall 3.51 HttpSaveC*P.dll Buffer Overflow

From: "SNS Advisory" <snsadv () lac co jp>
Date: Thu, 28 Jun 2001 17:33:46 +0900
SNS Advisory No.35
TrendMicro InterScan VirusWall 3.51 HttpSaveC*P.dll Buffer Overflow

Problem first discovered: Wed, 6 Jun 2001
Published: Thu, 28 Jun 2001
----------------------------------------------------------------------

Overview:
---------
A buffer overflow vulnerability was found in some administrative programs, 
smtpscan.dll, of InterScan VirusWall for Windows NT. It allows a remote
user to execute an arbitrary command with SYSTEM privilege.

If long strings are included in a certain parameter of configuration by 
exploiting the vulnerability that was reported by SNS Advisory No.28, 
a buffer overflow occurs when requesting the following dll(s):

    http://server/interscan/cgi-bin/HttpSaveCVP.dll
    http://server/interscan/cgi-bin/HttpSaveCSP.dll

The following are a memory dump and contents of register when a buffer 
overflow occurs.

dump:
     023FFAC2  6D 6D 6D 6E 6E 6E  mmmnnn
     023FFAC8  6F 6F 6F 70 70 70  oooppp

register:
     EAX = 023FFAC8 EIP = 6E6E6E6D

Therefore, arbitrary code may be executed by calling eax which may be 
replaced by an attacker's supplied arbitrary code. 

Tested Version:
---------------
InterScan VirusWall for Windows NT 3.51 build 1321 English

Tested OS:
----------
Windows NT 4.0 Server SP6a [English Version] 

Patch Information:
------------------
To get the patch, send e-mail to support () support trendmicro com or
search this issue on
http://solutionbank.antivirus.com/solutions/solutionSearch.asp

Discovered by:
--------------
Nobuo Miwa (LAC / n-miwa () lac co jp)

Disclaimer:
-----------
All information in these advisories are subject to change without any 
advanced notices neither mutual consensus, and each of them is released
as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
caused by applying those information.

References
----------
Archive of this advisory:
        http://www.lac.co.jp/security/english/snsadv_e/35_e.html

SNS Advisory No.28(TrendMicro InterScan VirusWall for NT remote
configuration Vulnerability)

        http://www.lac.co.jp/security/english/snsadv_e/28_e.html

SNS Advisory:
        http://www.lac.co.jp/security/english/snsadv_e/

LAC:
        http://www.lac.co.jp/security/english/

------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv () lac co jp>
Computer Security Laboratory, LAC  http://www.lac.co.jp/security/
Previous By Date Next
Previous By Thread Next

Current thread: