Trend Micro InterScan VirusWall HELO Overflow

1999-11-08T00:00:00
ID OSVDB:6174
Type osvdb
Reporter dark spyrit(dspyrit@beavuh.org)
Modified 1999-11-08T00:00:00

Description

Vulnerability Description

A remote overflow exists in Trend Micro Interscan Viruswall. The Interscan Viruswall fails to validate the boundary condition of a HELO command. By sending an overly long HELO command, a remote attacker can overflow the buffer and execute arbitrary code, resulting in a loss of confidentiality,integrity and availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Trend Micro has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Trend Micro Interscan Viruswall. The Interscan Viruswall fails to validate the boundary condition of a HELO command. By sending an overly long HELO command, a remote attacker can overflow the buffer and execute arbitrary code, resulting in a loss of confidentiality,integrity and availability.

References:

Vendor Specific Solution URL: http://www.antivirus.com/download/. Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q3/1519.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-04/0087.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q3/1553.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q3/1525.html ISS X-Force ID: 3465 Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/ivwdos.pl CVE-1999-1529 CVE-2001-0679 Bugtraq ID: 787