cnvd - cnvd-2015-03167

CNVD-2015-03167

Vulnerability from cnvd - Published: 2015-05-19

Title

Trend Micro ScanMail for Microsoft Exchange验证绕过漏洞

Description

Trend Micro ScanMail for Microsoft Exchange是一款用于Exchange邮件服务器的病毒扫描程序。 Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 Hot Fix Build 3318之前版本和11.0 Hot Fix Build 4180之前版本使用可猜测的随机数生成器生成WEB控制台的会话ID，允许远程攻击者利用漏洞通过暴力攻击绕过验证。

Severity

中

Patch Name

Trend Micro ScanMail for Microsoft Exchange验证绕过漏洞的补丁

Patch Description

Trend Micro ScanMail for Microsoft Exchange是一款用于Exchange邮件服务器的病毒扫描程序。Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 Hot Fix Build 3318之前版本和11.0 Hot Fix Build 4180之前版本使用可猜测的随机数生成器生成WEB控制台的会话ID，允许远程攻击者利用漏洞通过暴力攻击绕过验证。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://esupport.trendmicro.com/solution/en-US/1109669.aspx

Reference

http://esupport.trendmicro.com/solution/en-US/1109669.aspx

Impacted products

Name
['Trend Micro ScanMail 10.2(<Hot Fix Build 3318)', 'Trend Micro ScanMail 11.0(<Hot Fix Build 4180)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-3326"
    }
  },
  "description": "Trend Micro ScanMail for Microsoft Exchange\u662f\u4e00\u6b3e\u7528\u4e8eExchange\u90ae\u4ef6\u670d\u52a1\u5668\u7684\u75c5\u6bd2\u626b\u63cf\u7a0b\u5e8f\u3002\r\n\r\nTrend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 Hot Fix Build 3318\u4e4b\u524d\u7248\u672c\u548c11.0 Hot Fix Build 4180\u4e4b\u524d\u7248\u672c\u4f7f\u7528\u53ef\u731c\u6d4b\u7684\u968f\u673a\u6570\u751f\u6210\u5668\u751f\u6210WEB\u63a7\u5236\u53f0\u7684\u4f1a\u8bddID\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u66b4\u529b\u653b\u51fb\u7ed5\u8fc7\u9a8c\u8bc1\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://esupport.trendmicro.com/solution/en-US/1109669.aspx",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03167",
  "openTime": "2015-05-19",
  "patchDescription": "Trend Micro ScanMail for Microsoft Exchange\u662f\u4e00\u6b3e\u7528\u4e8eExchange\u90ae\u4ef6\u670d\u52a1\u5668\u7684\u75c5\u6bd2\u626b\u63cf\u7a0b\u5e8f\u3002Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 Hot Fix Build 3318\u4e4b\u524d\u7248\u672c\u548c11.0 Hot Fix Build 4180\u4e4b\u524d\u7248\u672c\u4f7f\u7528\u53ef\u731c\u6d4b\u7684\u968f\u673a\u6570\u751f\u6210\u5668\u751f\u6210WEB\u63a7\u5236\u53f0\u7684\u4f1a\u8bddID\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u66b4\u529b\u653b\u51fb\u7ed5\u8fc7\u9a8c\u8bc1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Trend Micro ScanMail for Microsoft Exchange\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Trend Micro ScanMail 10.2(\u003cHot Fix Build 3318)",
      "Trend Micro ScanMail 11.0(\u003cHot Fix Build 4180)"
    ]
  },
  "referenceLink": "http://esupport.trendmicro.com/solution/en-US/1109669.aspx",
  "serverity": "\u4e2d",
  "submitTime": "2015-05-15",
  "title": "Trend Micro ScanMail for Microsoft Exchange\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2015-3326 (GCVE-0-2015-3326)

Vulnerability from cvelistv5 – Published: 2015-05-14 00:00 – Updated: 2024-08-06 05:47

Summary

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://esupport.trendmicro.com/solution/en-US/110…	x_refsource_CONFIRM
	http://blog.malerisch.net/2016/05/trendmicro-smex…	x_refsource_MISC
	http://www.securityfocus.com/bid/74661	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1032323	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:56.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://esupport.trendmicro.com/solution/en-US/1109669.aspx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html"
          },
          {
            "name": "74661",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74661"
          },
          {
            "name": "1032323",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032323"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://esupport.trendmicro.com/solution/en-US/1109669.aspx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html"
        },
        {
          "name": "74661",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74661"
        },
        {
          "name": "1032323",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032323"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3326",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://esupport.trendmicro.com/solution/en-US/1109669.aspx",
              "refsource": "CONFIRM",
              "url": "http://esupport.trendmicro.com/solution/en-US/1109669.aspx"
            },
            {
              "name": "http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html",
              "refsource": "MISC",
              "url": "http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html"
            },
            {
              "name": "74661",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74661"
            },
            {
              "name": "1032323",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032323"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3326",
    "datePublished": "2015-05-14T00:00:00",
    "dateReserved": "2015-04-16T00:00:00",
    "dateUpdated": "2024-08-06T05:47:56.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-03167

CVE-2015-3326 (GCVE-0-2015-3326)

Tags

Sightings

Nomenclature