Exploit Trend Micro Interscan VirusWall (Linux) 3.0.1 - Multiple Program Buffer Overflows

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
20750
Проверка EDB
  1. Пройдено
Автор
EEYE SECURITY
Тип уязвимости
DOS
Платформа
LINUX
CVE
cve-2001-0432
Дата публикации
2001-04-13
Код:
source: https://www.securityfocus.com/bid/2579/info

Interscan Viruswall is a Virus scanning software package distributed and maintained by Trend Micro. It is designed to scan for virus occurances in both incoming and outgoing traffic via SMTP, FTP, and HTTP at the gateway of the network.

A problem with the software package could lead elevated privileges on the scanning system. The management interface used with the Interscan Viruswall uses several programs in a cgi directory that contain buffer overflows. Additionally, the http daemon used to execute these programs runs as root, and does not sufficiently control access to the programs, allowing a user to execute them directly.

Therefore, it is possible for a remote user to exploit buffer overflows in the cgi programs packaged with Interscan Viruswall, and execute arbitrary commands are root on the system hosting Viruswall. 

http://server:1812/catinfo?4500xA
 
Источник
www.exploit-db.com

Похожие темы