CERTA-2005-AVI-491

Vulnerability from certfr_avis - Published: - Updated:

Description

Une vulnérabilité du daemon Trend Micro Inc's ServerProtect EarthAgent conduit permet à un individu mal intentioné distant de confectionner astucieusement un seul paquet IP et d'envoyer ce paquet à destination du port 5005/TCP. Cette attaque à pour conséquence de consommer toute la puissance CPU disponible. Chaque attaque provoquant une fuite de mémoire, des attaques répétées ont pour effet de provoquer un autre déni de service lorsque toute la mémoire est consommée : l'arrêt brutal du système d'exploitation.

Contournement provisoire

Vérifier que le pare-feu filtre le port 5005/TCP.

Solution

Le vendeur fournit un correctif pour cette vulnérabilité. Le correctif est identifié de la façon suivante :

SPNT5.59_Hotfix1137.zip

None
Impacted products
Vendor Product Description
Trend Micro N/A d'autres versions sont peut être affectées.
Trend Micro N/A Trend Micro Damage Cleanup Server 1.1.
Trend Micro N/A Trend Micro ServerProtect for Windows Management Console 5.58 ;
References
Avis iDefense 12.14.05 None vendor-advisory
avis iDefense : - other
avis Trend Micro : - other

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "d\u0027autres versions sont peut \u00eatre affect\u00e9es.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Trend Micro Damage Cleanup Server 1.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Trend Micro ServerProtect for Windows Management Console 5.58 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 du daemon Trend Micro Inc\u0027s ServerProtect EarthAgent\nconduit permet \u00e0 un individu mal intention\u00e9 distant de confectionner\nastucieusement un seul paquet IP et d\u0027envoyer ce paquet \u00e0 destination du\nport 5005/TCP. Cette attaque \u00e0 pour cons\u00e9quence de consommer toute la\npuissance CPU disponible. Chaque attaque provoquant une fuite de\nm\u00e9moire, des attaques r\u00e9p\u00e9t\u00e9es ont pour effet de provoquer un autre d\u00e9ni\nde service lorsque toute la m\u00e9moire est consomm\u00e9e : l\u0027arr\u00eat brutal du\nsyst\u00e8me d\u0027exploitation.\n\n## Contournement provisoire\n\nV\u00e9rifier que le pare-feu filtre le port 5005/TCP.\n\n## Solution\n\nLe vendeur fournit un correctif pour cette vuln\u00e9rabilit\u00e9. Le correctif\nest identifi\u00e9 de la fa\u00e7on suivante :\n\nSPNT5.59_Hotfix1137.zip\n",
  "cves": [],
  "links": [
    {
      "title": "avis iDefense :",
      "url": "http://www.idefense.com/application/poi/display?id=356\u0026type=vulnerabilities"
    },
    {
      "title": "avis Trend Micro :",
      "url": "http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254"
    }
  ],
  "reference": "CERTA-2005-AVI-491",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-12-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Trend Micro ServerProtect",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis iDefense 12.14.05",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.