trend.micro.interscan.ftp.proxy.txt

Date: 17 Aug 1999. Reported by: Packet Storm. Type: packetstorm. Source: packetstormsecurity.com

Possible security flaw in Trend Micro's InterScan FTP Proxy allows unauthorized access.

`Date: Mon, 14 Jun 1999 17:47:17 -0400  
From: "Lherisson, Karl C." <[email protected]>  
To: [email protected]  
Subject: Possible Security Flaw in Trend Micro's InterScan FTP Proxy  
  
Hi, my name is Karl C. Lherisson, a network consultant at a securities firm.  
I am writing to inform you that I recently purchased Trend Micro's  
InterScan product for its ability to scan email for viruses and to  
prevent SPAM from being relayed off our SMTP server. I also decided to  
look into the FTP proxy feature that is included but I found a possible  
security hole in the product. When using InterScan version 3.0 as a  
stand alone proxy there is no way to limit who can have access to the  
FTP proxy. Unlike the SMTP portion, where one can specify valid source  
IP addresses that are able to relay mail, anyone on the Internet who  
knows the IP address of the InterScan FTP proxy can use it to log onto  
another network and basically hide their identity.  
  
So if I were a "hacker" and I wanted to launch an FTP attack on, let's say,  
COMPANY A, and I know there is a Trend Micro InterScan FTP Proxy server at  
COMPANY B, well I would login to COMPANY B proxy server and then connect to  
COMPANY A. What makes matters worse is that InterScan 3.0 does not keep a  
log of FTP connections (basically making the hacker anonymous), and the  
software will perform the job of checking the hacker's files for viruses.  
Additionally, if COMPANY A found out that they were infiltrated in some way,  
it would appear that it originated from COMPANY B.  
  
Fortunately, the FTP Proxy Server can be disabled but this kills 1/3  
of the product functionality.  
  
-  
Karl C. Lherisson  
[email protected]  
Network Consultant  
  
-----------------------------------------------------------------------------  
  
Date: Thu, 24 Jun 1999 10:22:50 +0200  
From: sylviam <[email protected]>  
To: [email protected]  
Subject: FW: Possible Security Flaw in Trend Micro's InterScan FTP Proxy  
  
FOR YOUR INFORMATION ONLY  
  
Herewith response from Trend Micro re message received from Karl C. on  
behalf of Lherisson dated Monday 14 June 1999.  
  
SYLVIA  
[email protected]  
  
-----Original Message-----  
From: Paullin Lin [mailto:[email protected]]  
Sent: Wednesday, June 16, 1999 6:25 AM  
To: '[email protected]'  
Subject: FW: Possible Security Flaw in Trend Micro's InterScan FTP Proxy  
  
  
Dear Sylvia,  
  
Following is the comment from our PM, for your reference.  
  
Best Regards  
Paullin  
  
-----Original Message-----  
From: Mark Shih  
Sent: Tuesday, June 15, 1999 7:10 PM  
To: Paullin Lin  
Subject: RE: Possible Security Flaw in Trend Micro's InterScan FTP Proxy  
  
  
The InterScan FTP stand alone mode is expecting the firewall to do the IP  
filter for the security concern.  
  
Mark  
  
-----Original Message-----  
From: Paullin Lin  
Sent: Tuesday, June 15, 1999 3:53 PM  
To: Mark Shih  
Subject: FW: Possible Security Flaw in Trend Micro's InterScan FTP Proxy  
Importance: High  
  
  
Dear Mark,  
  
As Anthony is out of office, can I have your comments on this? Thanks.  
  
Best Regards  
Paullin  
  
-----Original Message-----  
From: sylviam [mailto:[email protected]]  
Sent: Tuesday, June 15, 1999 3:17 PM  
To: [email protected]  
Cc: [email protected]  
Subject: FW: Possible Security Flaw in Trend Micro's InterScan FTP Proxy  
Importance: High  
  
  
  
Dear Paullin  
  
Any comments?  
  
SYLVIA  
[email protected]  
  
  
-----Original Message-----  
From: Bugtraq List [mailto:[email protected]] On Behalf Of Lherisson,  
Karl C.  
Sent: Monday, June 14, 1999 11:47 PM  
To: [email protected]  
Subject: Possible Security Flaw in Trend Micro's InterScan FTP Proxy  
  
  
Hi, my name is Karl C. Lherisson, a network consultant at a securities firm.  
I am writing to inform you that I recently purchased Trend Micro's  
InterScan product for its ability to scan email for viruses and to  
prevent SPAM from being relayed off our SMTP server. I also decided to  
look into the FTP proxy feature that is included but I found a possible  
security hole in the product. When using InterScan version 3.0 as a  
stand alone proxy there is no way to limit who can have access to the  
FTP proxy. Unlike the SMTP portion, where one can specify valid source  
IP addresses that are able to relay mail, anyone on the Internet who  
knows the IP address of the InterScan FTP proxy can use it to log onto  
another network and basically hide their identity.  
  
So if I were a "hacker" and I wanted to launch an FTP attack on, let's say,  
COMPANY A, and I know there is a Trend Micro InterScan FTP Proxy server at  
COMPANY B, well I would login to COMPANY B proxy server and then connect to  
COMPANY A. What makes matters worse is that InterScan 3.0 does not keep a  
log of FTP connections (basically making the hacker anonymous), and the  
software will perform the job of checking the hacker's files for viruses.  
Additionally, if COMPANY A found out that they were infiltrated in some way,  
it would appear that it originated from COMPANY B.  
  
Fortunately, the FTP Proxy Server can be disabled but this kills 1/3  
of the product functionality.  
  
-  
Karl C. Lherisson  
[email protected]  
Network Consultant  
  
`
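The two controls the thread says the stand-alone FTP proxy lacks, a source-IP allowlist like the one described for SMTP relaying and a log of every FTP connection, sketched as an added example that is not part of the original posts and not Trend Micro's code. The allowed networks, the `Attempt` record, the function names and the sample connections are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed policy (constructed): only these networks may use the FTP proxy,
# mirroring the source-IP restriction the post describes for SMTP relaying.
ALLOWED_CLIENTS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.10.0/24")]

@dataclass(frozen=True)
class Attempt:
    timestamp: str
    client_ip: str   # who connected to the proxy
    target_ip: str   # FTP server the client asked the proxy to reach

def is_allowed(ip, networks=ALLOWED_CLIENTS):
    """True if ip parses and falls inside one of the allowed networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable source: fail closed
    return any(addr in net for net in networks)

def classify(attempt):
    """Decide on one attempt. Outside client to outside target is the
    third-party relay case from the post (COMPANY B used to reach COMPANY A)."""
    if is_allowed(attempt.client_ip):
        return "allow"
    if is_allowed(attempt.target_ip):
        return "deny-external-client"
    return "deny-third-party-relay"

def audit(attempts):
    """One log line per attempt, allowed or denied, so sessions stay attributable."""
    return [
        f"{a.timestamp} client={a.client_ip} target={a.target_ip} decision={classify(a)}"
        for a in attempts
    ]

# Constructed sample connections (documentation address ranges for outside hosts).
SAMPLE = [
    Attempt("1999-06-14T17:40:00", "10.1.2.3", "198.51.100.20"),
    Attempt("1999-06-14T17:41:00", "203.0.113.7", "10.9.9.9"),
    Attempt("1999-06-14T17:42:00", "203.0.113.7", "198.51.100.20"),
]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

The same allowlist can be enforced at the firewall in front of the proxy, which is where the vendor reply places it; the logging half still has to come from somewhere that sees both the client and the requested target.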
