Trend Micro Web Management Authentication Bypass Vulnerability

Bugtraq ID:	30792
Class:	Design Error
CVE:	CVE-2008-2433
Remote:	Yes
Local:	No
Published:	Aug 22 2008 12:00AM
Updated:	Aug 28 2008 06:46PM
Credit:	Dyon Balding
Vulnerable:	Trend Micro Worry-Free Business Security 5.0 Trend Micro OfficeScan 8.0 - Microsoft Windows 3.1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Novell Netware 4.11 - Novell Netware 4.1 Trend Micro OfficeScan 7.3 - Microsoft Windows 3.1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Novell Netware 4.11 - Novell Netware 4.1 Trend Micro OfficeScan 7.0 - Microsoft Windows 3.1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Novell Netware 4.11 - Novell Netware 4.1 Trend Micro Client/Server/Messaging Suite 3.6 - Microsoft Windows 3.1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Novell Netware 4.11 - Novell Netware 4.1 Trend Micro Client/Server/Messaging Suite 3.5 - Microsoft Windows 3.1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Novell Netware 4.11 - Novell Netware 4.1
Not Vulnerable:

Trend Micro Web Management Authentication Bypass Vulnerability

Trend Micro Web Management is prone to an authentication-bypass vulnerability because of insufficient entropy used when creating session tokens.

Attackers can exploit this issue to gain administrative access to the application. Reports indicate that after gaining access to the management console, attackers may be able to execute arbitrary code by changing the configuration. Due to a lack of information, the context of the code execution is currently unknown. We will update this BID as more information emerges.

The following Trend Micro products are affected:

Trend Micro OfficeScan 7.0, 7.3 and 8.0
Worry-Free Business Security 5.0
Trend Micro Client/Server/Messaging Suite 3.5 and 3.6

Other versions of these products may also be affected.

Trend Micro Web Management Authentication Bypass Vulnerability

Attackers can use widely available tools to exploit this issue.

Trend Micro Web Management Authentication Bypass Vulnerability

Solution:
Trend Micro have released patches for OfficeScan 8.0 and Worry-Free Business Security 5.0. Reportedly, patches for other affected products will be released shortly. We will update this BID as more information emerges.


Trend Micro OfficeScan 8.0

• Trend Micro OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3037.exe
  http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win _EN_CriticalPatch_B3037.exe


• Trend Micro OSCE_8.0_SP1_Win_EN_CriticalPatch_B2402.exe
  http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Win_EN_Cri ticalPatch_B2402.exe


• Trend Micro OSCE_8.0_Win_EN_CriticalPatch_B1351.exe
  http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_Win_EN_Critica lPatch_B1351.exe

Trend Micro Worry-Free Business Security 5.0

• Trend Micro WFBS_50_WIN_EN_CriticalPatch_B1404.exe
  http://www.trendmicro.com/ftp/products/patches/WFBS_50_WIN_EN_Critical Patch_B1404.exe

Trend Micro Web Management Authentication Bypass Vulnerability

References:

• http://secunia.com/secunia_research/2008-31/advisory/ (Secunia)
  
• Trend Micro Homepage (Trend Micro)
  
• Trend Micro(TM) OfficeScan(TM) 8.0 Service Pack 1 Critical Patch - Build 2402 (Trend Micro)
  
• Worry-Free Business Security 5.0 - Security Server Critical Patch - Build 1404 (Trend Micro)
  
• Secunia Research: Trend Micro Products Web Management Authentication Bypass (Secunia Research )