|
-
December 17th, 2002, 03:28 AM
#1
PC-cillin Scanner Buffer Overflow May Let Local Users Gain Elevated Privileges
hey all, i found this today and i know some of you use this program so i thought id post it so you can secure it and not have to worry. The hole story is here:
http://securitytracker.com/alerts/2002/Dec/1005781.html
----------------------------------------------------------------------------------------------------------------
Trend Micro PC-cillin Scanner Buffer Overflow May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID: 1005781
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Dec 10 2002
Impact: Execution of arbitrary code via local system, User access via local system
Fix Available: Yes Exploit Included: Yes Vendor Confirmed: Yes
Version(s): 2000, 2002, 2003
Description: A buffer overflow vulnerability was reported in Trend Micro's PC-cillin e-mail scanner. A local user could execute arbitrary code, possibly to gain elevated privileges.
Texonet reported that there is a buffer overflow in pop3trap.exe. According to the report, a local user could connect to the local port 110 and send a specially crafted string to trigger the overflow and overwrite the EIP register. This could cause arbitrary code to be executed with the privileges of the user running pop3trap.exe.
Some demonstration exploit examples are provided:
Example 1: perl -e " print \"a\"x1100" |nc 127.0.0.1 110
Example 2: http://127.0.0.1:110/[put 1100 a's here]
Impact: A local user can execute arbitrary code with the privileges of the user runnin PC-cillin.
Solution: The vendor has released a fix. For users of PC-cillin 2000, Trend Micro recommend that you upgrade to PC-cillin 2002 or 2003 and apply the Service Packs listed below.
For users of PC-cillin 2002 and 2003:
1. Download the appropriate Service Pack:
For PC-cillin 2003: 2003_pop3_1163en.zip (For English), 388.1KB:
http://solutionfile.trendmicro.com/S...op3_1163en.zip
For PC-cillin 2002: 2002_pop3_1357en.zip (For English), 183.8KB:
http://solutionfile.trendmicro.com/S...op3_1357en.zip
Then, unzip the contents of the service pack into a temporary directory. For more information on how to extract the contents of a ZIP file, refer to Solution 12254:
http://kb.trendmicro.com/solutions/s...lutionID=12254
Then, Double-click the executable file (or *.exe) to replace your existing POP3 trap. You can refer to the readme.txt file included in the service pack for more information.
German, French, Spanish and Italian versions of the Hotfix against the buffer overflow vulnerability, can be found in Solution 13009:
http://kb.trendmicro.com/solutions/s...lutionID=13009
For additional information, see the Vendor's advisory at:
http://kb.trendmicro.com/solutions/s...lutionId=12982
Vendor URL: kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982 (Links to External Site)
Cause: Boundary error
Underlying OS: Windows (Any)
Reported By: advisories@texonet.com (advisories@texonet.com)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote