|
Vulnerability InterScan VirusWall Affected InterScan VirusWall for NT Description Following is based on a SNS Advisory No.28. Trend Micro InterScan VirusWall for Windows NT is an antivirus software program and has capabilities to control remotely via pre-insalled CGI programs. There is a vulnerability that could allow for a malicious remote user to make unexpected modifications for the configuration of software. InterScan VirusWall for Windows NT is a virus protection software for incoming and outgoing e-mail, http, ftp traffics. This software has a capability to set and change the configuration by using Web browser. The interface of configuration is constructed by a sort of CGI programs on the Internet Information Server 4.0. Unfortunately, the CGI programs has no features to control the source of request for the modification and are not protected for malicious remote users when a location of program is called with any arguments. This may allow for a remote user to make the software change unexpectedly. Examples: http://target/interscan/cgi-bin/FtpSave.dll?no http://target/interscan/cgi-bin/FtpSave.dll?yes http://target/interscan/cgi-bin/FtpSave.dll?I'm%20here This was tested with InterScan VirusWall for Windows NT 3.51 English on Windows NT 4.0 SP6a [English Version]. It has been discovered by Nobuo Miwa. Solution No patches are available now. Trend Micro support team responded that this problem will be fixed at Version 5.0. They reported also the patch program will be released in July, 2001. Until the patch will be released, the solution is installing this software behind the protected network (ie. use firewall, use access control features of the Web server).