TrendMicro InterScan WebManager contains buffer overflow in RegGo.dll

2001-08-14T00:00:00
ID VU:888283
Type cert
Reporter CERT
Modified 2001-08-15T00:00:00

Description

Overview

A remotely exploitable buffer overflow exists in Trend Micro InterScan WebManager.

Description

InterScan WebManager is an application that inspects HTTP traffic flowing into a network for known malicious code. It can also restrict access to adult/unproductive web sites, manage and monitor web usage, monitor and control HTTP traffic, and provide digital certificate revocation checking in SSL connections. If a secure web site’s digital certificate has been revoked, InterScan WebManager can terminate the transaction.

A remotely exploitable buffer overflow exists in the RegGo dynamic link library module included in Trend Micro InterScan WebManager. This module provides management features for the system administrator over an HTTP interface.


Impact

Attackers can execute arbitrary code with privileges equivalent to the web server process, typically SYSTEM. Attackers may also be able to inspect and modify all HTTP traffic flowing through the device. Additionally, attackers may be able to disable digital certificate revocation checking in SSL connections, thereby allowing access to intentionally malicious websites.


Solution

Trend Micro has indicated that this vulnerability has been eliminated in TrendMicro InterScan WebManager version 2.1. Contact Trend Micro for the upgrade.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Trend Micro| | 12 Jul 2001| 15 Aug 2001

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://www.securityfocus.com/bid/2959>
  • <http://www.lac.co.jp/security/english/snsadv_e/36_e.html>

Credit

This vulnerability was discovered by Little eArth Corporation Co., Ltd and was made public on July 2, 2001.

This document was written by Ian A. Finlay.

Other Information

  • CVE IDs: Unknown
  • Date Public: 02 Jul 2001
  • Date First Published: 14 Aug 2001
  • Date Last Updated: 15 Aug 2001
  • Severity Metric: 40.50
  • Document Revision: 55