Trend Micro InterScan VirusWall VSAPI Module Buffer Overflow Vulnerability

Bugtraq ID:	22240
Class:	Boundary Condition Error
CVE:
Remote:	No
Local:	Yes
Published:	Jan 25 2007 12:00AM
Updated:	Jan 26 2007 06:19PM
Credit:	Sebastian Wolfgarten is credited with the discovery of this vulnerability.
Vulnerable:	Trend Micro Interscan Viruswall (Linux) 3.81 - Redhat Linux 6.2 i386 - Redhat Linux 6.1 i386 - SuSE Linux 7.0 - SuSE Linux 6.4 - Turbolinux Turbolinux 6.1
Not Vulnerable:

Trend Micro InterScan VirusWall VSAPI Module Buffer Overflow Vulnerability

Trend Micro InterScan VirusWall is prone to a buffer-overflow vulnerability because the application fails to check the size of data before copying it into a finite-sized internal memory buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. This may facilitate the complete compromise of affected computers.

This issue affects version 3.81; other versions may also be vulnerable.

Trend Micro InterScan VirusWall VSAPI Module Buffer Overflow Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/tmvwall381v3_exp.c

Trend Micro InterScan VirusWall VSAPI Module Buffer Overflow Vulnerability

Solution:
Trend Micro has released a fix that addresses these issues. Please see the vendor references for more information.


Trend Micro Interscan Viruswall (Linux) 3.81

• Trend Micro isux381_lx_securitypatch_vsapi8380.tar
  http://www.trendmicro.com/ftp/products/patches/isux381_lx_securitypatc h_vsapi8380.tar

Trend Micro InterScan VirusWall VSAPI Module Buffer Overflow Vulnerability

References:

• nterScan VirusWall 3.81 for Linux Security Patch - VSAPI module (Trend Micro)
  
• Trend Micro Homepage (Trend Micro)
  
• Buffer overflow in VSAPI library of Trend Micro VirusWall 3.81 for Linux (Sebastian Wolfgarten )
  
• Security advisory: Buffer overflow in VSAPI library of Trend Micro VirusWall 3.8 (Sebastian Wolfgarten)