Trend Micro ServerProtect EarthAgent.EXE Remote Stack Based Buffer Overflow Vulnerability
BID:23866
Info
Trend Micro ServerProtect EarthAgent.EXE Remote Stack Based Buffer Overflow Vulnerability
| Bugtraq ID: | 23866 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-2508 |
| Remote: | Yes |
| Local: | No |
| Published: | May 07 2007 12:00AM |
| Updated: | Feb 01 2008 05:57PM |
| Credit: | Eric DETOISIEN is credited with the discovery of this vulnerability. |
| Vulnerable: |
Trend Micro ServerProtect 5.58 |
| Not Vulnerable: | |
Discussion
Trend Micro ServerProtect EarthAgent.EXE Remote Stack Based Buffer Overflow Vulnerability
Trend Micro ServerProtect is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service.
Trend Micro ServerProtect is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service.
Exploit / POC
Trend Micro ServerProtect EarthAgent.EXE Remote Stack Based Buffer Overflow Vulnerability
An exploit is available to members of the Immunity Partner's program:
https://www.immunityinc.com/downloads/immpartners/tm_sprotectagent.tar
It is not known if the exploit is available to the public.
The following exploit code is available as a module for the Metasploit Framework:
An exploit is available to members of the Immunity Partner's program:
https://www.immunityinc.com/downloads/immpartners/tm_sprotectagent.tar
It is not known if the exploit is available to the public.
The following exploit code is available as a module for the Metasploit Framework:
Solution / Fix
Trend Micro ServerProtect EarthAgent.EXE Remote Stack Based Buffer Overflow Vulnerability
Solution:
The vendor has released fixes to address this issue. Please see the references for more information.
Solution:
The vendor has released fixes to address this issue. Please see the references for more information.
References
Trend Micro ServerProtect EarthAgent.EXE Remote Stack Based Buffer Overflow Vulnerability
References:
References:
- Trend Micro Homepage (Trend Micro)
- Trend Micro Product Update Page (Trend Micro )
- Vulnerability Note VU#515616 Trend Micro ServerProtect buffer overflow vulnerabi (US-CERT)
- ZDI-07-024 Trend Micro ServerProtect EarthAgent Stack Overflow Vulnerability (Zero Day Initiative. )