Lucene search

SAINT CorporationSAINT:29FA0389DD07EB1AC70B0114BFB917C4

HistoryMay 16, 2007 - 12:00 a.m.

Trend Micro ServerProtect EarthAgent RPC buffer overflow

2007-05-1600:00:00

SAINT Corporation

download.saintcorporation.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.945

Percentile

99.2%

JSON

Added: 05/16/2007
CVE: CVE-2007-2508
BID: 23866
OSVDB: 35789

Background

Trend Micro ServerProtect is a virus scanner for servers. It includes the EarthAgent daemon which listens for connections on port 3628/TCP.

Problem

A buffer overflow vulnerability in the EarthAgent daemon allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to port 3628/TCP.

Resolution

Apply one of the patches referenced in Trend Micro solution ID 1034290.

References

<http://www.zerodayinitiative.com/advisories/ZDI-07-024.html>

Limitations

Exploit works on Trend Micro ServerProtect 5.58 Build 1060.

Platforms

Windows

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.945

Percentile

99.2%

JSON

Related for SAINT:29FA0389DD07EB1AC70B0114BFB917C4