Details of VAR-200901-0447

ID

VAR-200901-0447

CVE

CVE-2008-3866

TITLE

Trend Micro NSC Module Trend Micro Personal Firewall Vulnerabilities that prevent access restrictions on services

Trust: 0.8

sources: JVNDB: JVNDB-2009-005298

DESCRIPTION

The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. Successful exploits may allow an attacker to crash an affected application, execute arbitrary code, or bypass security. These issues affect the following: Trend Micro OfficeScan Corporate Edition 8.0 SP1 Patch 1 Trend Micro Internet Security 2008 Trend Micro Internet Security Pro 2008 Trend Micro PC-cillin Internet Security 2007. These can be exploited to cause heap-based buffer overflows via specially crafted packets containing a small value in a size field. The vulnerabilities are confirmed in versions 16.10.1063 and 16.10.1079. Other versions may also be affected. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2008-42/ http://secunia.com/secunia_research/2008-43/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ====================================================================== 2) Severity Rating: Less critical Impact: Security bypass Where: Local system ====================================================================== 3) Vendor's Description of Software "Trend Micro Internet Security provides smart, up-to-date protection for your home network against present and future threats without slowing down your PC.". This can be exploited by malicious, local users to manipulate firewall settings regardless of configured security settings. the firewall settings. To prevent any user from changing the settings, password restriction can be enabled. This can be exploited to manipulate the firewall settings regardless of whether password restriction is enabled by sending specially crafted packets to the service listening on port 40000/TCP. ====================================================================== 5) Solution Apply patch for OfficeScan 8.0 SP1 Patch 1. ====================================================================== 6) Time Table 22/10/2008 - Vendor notified. 22/10/2008 - Vendor response. 14/12/2008 - Vendor provides hotfix for testing. 19/12/2008 - Vendor informed that hotfix fixes vulnerabilities. 18/01/2009 - Vendor issues fix for OfficeScan 8.0 SP1 Patch 1. 20/01/2009 - Public disclosure. ====================================================================== 7) Credits Discovered by Carsten Eiram, Secunia Research. ====================================================================== 8) References The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2008-3866 for the vulnerability. Trend Micro: http://www.trendmicro.com/ftp/documentation/readme/ OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt ====================================================================== 9) About Secunia Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration: http://secunia.com/advisories/business_solutions/ Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security. http://secunia.com/advisories/ Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general: http://secunia.com/secunia_research/ Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions: http://secunia.com/corporate/jobs/ Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/advisories/mailing_lists/ ====================================================================== 10) Verification Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2008-43/ Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/ ====================================================================== _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Trust: 2.16

sources: NVD: CVE-2008-3866 // JVNDB: JVNDB-2009-005298 // BID: 33358 // PACKETSTORM: 74111 // PACKETSTORM: 74109 // PACKETSTORM: 74170

AFFECTED PRODUCTS

vendor:	trend micro	model:	internet security 2008	scope:	eq	version:	17.0.1224	Trust: 2.4
vendor:	trend micro	model:	officescan	scope:	eq	version:	8.0	Trust: 1.6
vendor:	trend micro	model:	internet security 2007	scope:	-	version:	-	Trust: 1.4
vendor:	trend micro	model:	internet security 2007	scope:	eq	version:	*	Trust: 1.0
vendor:	trend micro	model:	officescan	scope:	eq	version:	8.0 sp1 patch 1	Trust: 0.8
vendor:	trend micro	model:	pc-cillin internet security	scope:	eq	version:	2007	Trust: 0.3
vendor:	trend micro	model:	officescan corporate edition sp1 patch	scope:	eq	version:	8.01	Trust: 0.3
vendor:	trend micro	model:	internet security pro	scope:	eq	version:	2008	Trust: 0.3
vendor:	trend micro	model:	internet security	scope:	eq	version:	2008	Trust: 0.3

sources: BID: 33358 // JVNDB: JVNDB-2009-005298 // CNNVD: CNNVD-200901-237 // NVD: CVE-2008-3866

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2008-3866
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-200901-237
value:	MEDIUM
Trust: 0.6

NVD:	CVE-2008-3866
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2009-005298 // CNNVD: CNNVD-200901-237 // NVD: CVE-2008-3866

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2009-005298 // NVD: CVE-2008-3866

THREAT TYPE

local

Trust: 0.9

sources: PACKETSTORM: 74111 // PACKETSTORM: 74109 // PACKETSTORM: 74170 // CNNVD: CNNVD-200901-237

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200901-237

CONFIGURATIONS

sources: NVD: CVE-2008-3866

PATCH

title:

Critical Patch - Server Build 3191 and NSC module Build 1045

url:

http://www.trendmicro.com/ftp/documentation/readme/osce8.0_sp1_patch1_criticalpatch_3191_readme.txt

Trust: 0.8

sources: JVNDB: JVNDB-2009-005298

EXTERNAL IDS

db:	NVD	id:	CVE-2008-3866	Trust: 2.8
db:	BID	id:	33358	Trust: 1.9
db:	SECUNIA	id:	31160	Trust: 1.7
db:	SECUNIA	id:	33609	Trust: 1.7
db:	SECTRACK	id:	1021616	Trust: 1.6
db:	SECTRACK	id:	1021617	Trust: 1.6
db:	VUPEN	id:	ADV-2009-0191	Trust: 1.6
db:	JVNDB	id:	JVNDB-2009-005298	Trust: 0.8
db:	XF	id:	48108	Trust: 0.6
db:	CNNVD	id:	CNNVD-200901-237	Trust: 0.6
db:	PACKETSTORM	id:	74111	Trust: 0.1
db:	PACKETSTORM	id:	74109	Trust: 0.1
db:	PACKETSTORM	id:	74170	Trust: 0.1

sources: BID: 33358 // JVNDB: JVNDB-2009-005298 // PACKETSTORM: 74111 // PACKETSTORM: 74109 // PACKETSTORM: 74170 // CNNVD: CNNVD-200901-237 // NVD: CVE-2008-3866

REFERENCES

url:	http://secunia.com/secunia_research/2008-43/	Trust: 2.2
url:	http://www.trendmicro.com/ftp/documentation/readme/osce8.0_sp1_patch1_criticalpatch_3191_readme.txt	Trust: 2.0
url:	http://www.securityfocus.com/bid/33358	Trust: 1.6
url:	http://secunia.com/advisories/33609	Trust: 1.6
url:	http://secunia.com/advisories/31160	Trust: 1.6
url:	http://www.securitytracker.com/id?1021617	Trust: 1.6
url:	http://www.securitytracker.com/id?1021616	Trust: 1.6
url:	http://www.vupen.com/english/advisories/2009/0191	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/48108	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3866	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3866	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/48108	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2009/0191	Trust: 0.6
url:	http://secunia.com/secunia_research/2008-42/	Trust: 0.5
url:	http://uk.trendmicro-europe.com/enterprise/products/groups.php?prodgroup=3&family=5	Trust: 0.3
url:	/archive/1/500195	Trust: 0.3
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.3
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.2
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.2
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.2
url:	http://secunia.com/advisories/product/16916/	Trust: 0.1
url:	http://secunia.com/advisories/product/16915/	Trust: 0.1
url:	http://secunia.com/advisories/product/13436/	Trust: 0.1
url:	http://secunia.com/advisories/31160/	Trust: 0.1
url:	http://secunia.com/advisories/product/14630/	Trust: 0.1
url:	http://www.trendmicro.com/ftp/products/patches/osce_8.0_sp1_patch1_win_en_criticalpatch_b3191.exe	Trust: 0.1
url:	http://secunia.com/advisories/33609/	Trust: 0.1
url:	http://www.trendmicro.com/ftp/documentation/readme/	Trust: 0.1
url:	http://secunia.com/secunia_research/	Trust: 0.1
url:	http://secunia.com/corporate/jobs/	Trust: 0.1
url:	http://secunia.com/advisories/mailing_lists/	Trust: 0.1
url:	http://secunia.com/advisories/	Trust: 0.1
url:	http://secunia.com/	Trust: 0.1
url:	http://us.trendmicro.com/us/products/personal/internet-security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-3866	Trust: 0.1
url:	http://lists.grok.org.uk/full-disclosure-charter.html	Trust: 0.1

sources: BID: 33358 // JVNDB: JVNDB-2009-005298 // PACKETSTORM: 74111 // PACKETSTORM: 74109 // PACKETSTORM: 74170 // CNNVD: CNNVD-200901-237 // NVD: CVE-2008-3866

CREDITS

Carsten Eiram

Trust: 0.7

sources: PACKETSTORM: 74170 // CNNVD: CNNVD-200901-237

SOURCES

db:	BID	id:	33358
db:	JVNDB	id:	JVNDB-2009-005298
db:	PACKETSTORM	id:	74111
db:	PACKETSTORM	id:	74109
db:	PACKETSTORM	id:	74170
db:	CNNVD	id:	CNNVD-200901-237
db:	NVD	id:	CVE-2008-3866

LAST UPDATE DATE

2022-05-04T09:31:05.074000+00:00

SOURCES UPDATE DATE

db:	BID	id:	33358	date:	2009-02-06T16:18:00
db:	JVNDB	id:	JVNDB-2009-005298	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200901-237	date:	2009-02-05T00:00:00
db:	NVD	id:	CVE-2008-3866	date:	2017-08-08T01:32:00

SOURCES RELEASE DATE

db:	BID	id:	33358	date:	2009-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2009-005298	date:	2012-12-20T00:00:00
db:	PACKETSTORM	id:	74111	date:	2009-01-20T15:48:37
db:	PACKETSTORM	id:	74109	date:	2009-01-20T15:48:31
db:	PACKETSTORM	id:	74170	date:	2009-01-21T02:20:38
db:	CNNVD	id:	CNNVD-200901-237	date:	2009-01-21T00:00:00
db:	NVD	id:	CVE-2008-3866	date:	2009-01-21T20:30:00