PDA

Bekijk Volledige Versie : Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6



jrodriga@retevision.es
23/12/02, 23:40
Thanks Volker,

This warning was published 6 months ago. Please see the TrendMicro
Solution Bank (Solution 13000):


http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=13000

Regards,

Josué.

----- Remitido por Josue Rodriguez Garduño/CATALUNYA/RETEVISION con fecha
23/12/2002 18:08 -----
|---------+--------------------------->
| | |
| | |
| | |
| | |
| | |
| | Volker Tanger|
| | <volker.tanger@discon.de>|
| | 05/12/2002 17:00|
| | |
|---------+--------------------------->
>------------------------------------------------------------------------------------------------------------------------------|
| |
| |
| ...Comunicado |
| |
| Para: bugtraq@securityfocus.com |
| cc: volker.tanger@discon.de |
| cco: |
| Asunto: Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6 |
| |
| |
| |
| |
| |
>------------------------------------------------------------------------------------------------------------------------------|




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Greetings!

A quite well known (i.e. ancient) type of proxy vulnerability was
found for TrendMicro's InterScan VirusWall V3.6 This general problem
has been known to be an issue with plain HTTP proxies like the Squid
for ages (e.g. http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.14).

The vulnerability can be exploited using the CONNECT method to
connect to a different server, e.g. an internal mailserver as
port usage is completely unrestricted by the ISVW proxies V 3.6

Example:
you = 6.6.6.666
Trendmicro ISVW = 1.1.1.1 (http proxy at port 80)
Internal Mailserver = 2.2.2.2

connect with "telnet 1.1.1.1 80" to ISVW proxy and enter
CONNECT 2.2.2.2:25 / HTTP/1.0

response: mail server banner - and running SMTP session e.g.
to send SPAM from.

You can connect to any TCP port on any machine the proxy
can connect to. Telnet, SMTP, POP, etc.


Solution:
Update to ISVW 3.7 Build 1190 or newer (available since some
weeks now).


temp. Workarounds:
- disable the HTTP proxy (safe but inconvenient)
- You have a firewall that prevents unauthorized access to the
Trend ISVW proxy, don't you?



Volker Tanger
IT-Security Consulting

- --
discon gmbh
Wrangelstraße 100
D-10997 Berlin

fon +49 30 6104-3307
fax +49 30 6104-3461

volker.tanger@discon.de
http://www.discon.de/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE973gn0uordLlMxo4RArM4AJ0bMFRKrhuTa4+1jiBDjz wdDZYvdwCfdLNC
JdU0ocAoE8/Kmzumk2k/NRQ=
=C9cF
-----END PGP SIGNATURE-----





Si deseas más información acerca de RETEVISION y sus servicios, por favor
visítanos ahora en www.retevision.es

La información incluida en el presente correo electrónico es CONFIDENCIAL,
siendo para el uso exclusivo del destinatario arriba mencionado. Si usted
lee este mensaje y no es el destinatario señalado, el empleado o el agente
responsable de entregar el mensaje al destinatario, o ha recibido esta
comunicación por error, le informamos que está totalmente prohibida
cualquier divulgación, distribución o reproducción de esta comunicación, y
le rogamos que nos lo notifique, nos devuelva el mensaje original a la
dirección arriba mencionada y borre el mensaje.
Gracias.