Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Assorted Trend Vulns Rev 2.0

From: Rod Boron <rod_boron () yahoo com>
Date: Tue, 14 Jan 2003 17:44:20 -0800 (PST)
Trend Micro Assorted Vulnerabilities
Rev 2.0 01/14/03

Information
_____________________________________

I have had these sitting around for about a year
and just said "fawk it" and am giving 'em to the
community to sort through before they start growing
edible fungi. Not even sure if they work on newer
versions of
Trend software, too busy with other matters and
projects, but I'm thinking they just might. Some may
just be poor configuration and installation practices
by the user, who knows. No real magical bullet buffer
overflows here, just some weird web app practices.
Most can be access controlled or given stricter
permissions
at the OS level.

All of these "vulns", per say, can be accessed
publicly
on servers with poor border controls. Fire up a
friendly
Google session and see!

Despite these oddities, in my opinion, Trend still
excels over others in it's capabilities and
integration
into a corp network.

Well, enjoy, discuss, criticize, elaborate,
manipulate,
evaluate, but please don't devastate.

Rodney Boron 
-Don't underestimate the subtlety of letting others
think they know more than you.

Rod_Boron-AT-Yahoo.com

*******Trend Officescan password change/bypass*******

http://x.x.x.x/officescan/cgi/cgiMasterPwd.exe

Allows you to skip the default
/officescan/cgi/cgiChkMasterPwd.exe
and create your own password to login with. Full
access to the web based Officescan
management page now granted. Hell, you can access
all the nice .exe's in the /cgi. This is easily
cured by correcting permissions and access to the 
folder.


*******Trend Micro TVCS IIS Dos*******

http://x.x.x.x/tvcs/activesupport.exe

10 requests for this .exe will cause 10 instances of
ActiveSupport.exe to be started. Each consuming 2.5
M's of memory and causing a Dos effect on IIS lasting
for up to 5 minutes till each instance of the .exe
timesout.


*******Trend Scanmail Password Bypass*******

http://x.x.x.x:16372/smg_Smxcfg30.exe?vcc=3560121183d3

Some magical backdoor Trend installed to bypass
authentication into their web management page for
Scanmail for Exchange. Does it work on other Scanmail
versions?



*******Trend Micro TVCS Log Collector*******

This one gives up the farm and the rooster's eggs.
huh?

http://x.x.x.x/tvcs/getservers.exe?action=selects1

Follow the steps 2-4 and download a very well endowed
zip file. Within holds the kings jewels. Trivial
encrytion protects both the TVCS password and the
service user account and password. Bet lazy admins
are running Trend as administrator. Some other
enumeration goodies in there to tickle one's
imagination.

....................................................

Where "x.x.x.x" is equivalent to:

-----------== Vin Diesel ==-------------
                 in
"The Fast, the Furious, and the Fortran"


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
Previous By Date Next
Previous By Thread Next

Current thread: