ID

VAR-201112-0091


CVE

CVE-2011-5001


TITLE

Trend Micro Control Manager 'CmdProcessor.exe' Remote code execution vulnerability

Trust: 1.1

sources: IVD: 4a2c282e-1f7c-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5202 // BID: 50965

DESCRIPTION

Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user.

Trend Micro Control Manager (TMCM) is a centralized security management console from Trend Micro that enables unified coordination of Trend Micro products and services. Failed attacks will cause denial-of-service conditions.

----------------------------------------------------------------------

TITLE: Trend Micro Control Manager "CGenericScheduler::AddTask()" Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA47114

VERIFY ADVISORY: http://secunia.com/advisories/47114/

RELEASE DATE: 2011-12-08

DESCRIPTION: A vulnerability has been reported in Trend Micro Control Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "CGenericScheduler::AddTask()" function in cmdHandlerRedAlertController.dll when handling certain IPC packets. The vulnerability is reported in version 5.5.

SOLUTION: Update to version 5.5.0.1613.

PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma via ZDI.

ORIGINAL ADVISORY:
Trend Micro: http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-345/

----------------------------------------------------------------------

ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-345
December 7, 2011

-- CVE ID:

-- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:P/A:C

-- Affected Vendors: Trend Micro

-- Affected Products: Trend Micro Control Manager

-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11469. More details can be found at: http://downloadcenter.trendmicro.com/index.php?prodid=7

-- Disclosure Timeline:
2011-04-04 - Vulnerability reported to vendor
2011-12-07 - Coordinated public release of advisory

-- Credit: This vulnerability was discovered by:
* Luigi Auriemma

Trust: 3.42

sources: NVD: CVE-2011-5001 // JVNDB: JVNDB-2011-003546 // ZDI: ZDI-11-345 // CNVD: CNVD-2011-5202 // BID: 50965 // IVD: 4a2c282e-1f7c-11e6-abef-000c29c66e3d // PACKETSTORM: 107692 // PACKETSTORM: 107635

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: 4a2c282e-1f7c-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5202

AFFECTED PRODUCTS

vendor: trend micro // model: control manager // scope: eq // version: 5.5

Trust: 1.5

vendor: trend micro // model: control manager // scope: lte // version: 5.5

Trust: 1.0

vendor: trend micro // model: control manager // scope: eq // version: 5.0

Trust: 0.9

vendor: trend micro // model: control manager // scope: lt // version: 5.5

Trust: 0.8

vendor: trend micro // model: control manager // scope: eq // version: build 1613

Trust: 0.8

vendor: trend micro // model: control manager // scope: - // version: -

Trust: 0.7

vendor: control manager // model: - // scope: eq // version: *

Trust: 0.2

sources: IVD: 4a2c282e-1f7c-11e6-abef-000c29c66e3d // ZDI: ZDI-11-345 // CNVD: CNVD-2011-5202 // BID: 50965 // JVNDB: JVNDB-2011-003546 // CNNVD: CNNVD-201112-441 // NVD: CVE-2011-5001

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-5001
value: HIGH

Trust: 1.0

NVD: CVE-2011-5001
value: HIGH

Trust: 0.8

ZDI: ZDI-11-345
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201112-441
value: CRITICAL

Trust: 0.6

IVD: 4a2c282e-1f7c-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2011-5001
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: ZDI-11-345
severity: HIGH
baseScore: 9.7
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

IVD: 4a2c282e-1f7c-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 4a2c282e-1f7c-11e6-abef-000c29c66e3d // ZDI: ZDI-11-345 // JVNDB: JVNDB-2011-003546 // CNNVD: CNNVD-201112-441 // NVD: CVE-2011-5001

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2011-003546 // NVD: CVE-2011-5001

THREAT TYPE

remote

Trust: 1.3

sources: PACKETSTORM: 107635 // CNNVD: CNNVD-201112-105 // CNNVD: CNNVD-201112-441

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 4a2c282e-1f7c-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201112-441

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003546

PATCH

title: Critical Patch - Build 1613 // url: http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt

Trust: 0.8

title: Trend Micro has issued an update to correct this vulnerability. // url: http://downloadcenter.trendmicro.com/index.php?prodid=7

Trust: 0.7

title: Trend Micro Control Manager 'CmdProcessor.exe' patch for remote code execution vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/6199

Trust: 0.6

title: TMCM-5.5-B1250-EN-GM-Repack4 // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42193

Trust: 0.6

sources: ZDI: ZDI-11-345 // CNVD: CNVD-2011-5202 // JVNDB: JVNDB-2011-003546 // CNNVD: CNNVD-201112-441

EXTERNAL IDS

db: ZDI // id: ZDI-11-345

Trust: 3.4

db: NVD // id: CVE-2011-5001

Trust: 2.9

db: SECUNIA // id: 47114

Trust: 1.8

db: SECTRACK // id: 1026390

Trust: 1.6

db: BID // id: 50965

Trust: 1.5

db: CNVD // id: CNVD-2011-5202

Trust: 0.8

db: CNNVD // id: CNNVD-201112-441

Trust: 0.8

db: JVNDB // id: JVNDB-2011-003546

Trust: 0.8

db: ZDI_CAN // id: ZDI-CAN-1138

Trust: 0.7

db: CNNVD // id: CNNVD-201112-105

Trust: 0.6

db: XF // id: 71681

Trust: 0.6

db: BUGTRAQ // id: 20111207 ZDI-11-345 : TRENDMICRO CONTROL MANAGER CMDPROCESSOR.EXE ADDTASK REMOTE CODE EXECUTION VULNERABILITY

Trust: 0.6

db: IVD // id: 4A2C282E-1F7C-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: PACKETSTORM // id: 107692

Trust: 0.1

db: PACKETSTORM // id: 107635

Trust: 0.1

sources: IVD: 4a2c282e-1f7c-11e6-abef-000c29c66e3d // ZDI: ZDI-11-345 // CNVD: CNVD-2011-5202 // BID: 50965 // JVNDB: JVNDB-2011-003546 // PACKETSTORM: 107692 // PACKETSTORM: 107635 // CNNVD: CNNVD-201112-105 // CNNVD: CNNVD-201112-441 // NVD: CVE-2011-5001

REFERENCES

url:http://www.zerodayinitiative.com/advisories/zdi-11-345/

Trust: 2.6

url:http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm55_1613.txt

Trust: 1.7

url:http://www.securitytracker.com/id?1026390

Trust: 1.6

url:http://secunia.com/advisories/47114

Trust: 1.6

url:http://downloadcenter.trendmicro.com/index.php?prodid=7

Trust: 1.1

url:http://www.securityfocus.com/archive/1/520780/100/0/threaded

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/71681

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5001

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5001

Trust: 0.8

url:http://www.securityfocus.com/bid/50965

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/71681

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/520780/100/0/threaded

Trust: 0.6

url:http://us.trendmicro.com/us/products/enterprise/control-manager/

Trust: 0.3

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/47114/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47114

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/advisories/47114/#comments

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/disclosure_policy/

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/zdi-11-345

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://twitter.com/thezdi

Trust: 0.1

url:http://www.tippingpoint.com

Trust: 0.1

url:http://www.zerodayinitiative.com

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

sources: ZDI: ZDI-11-345 // CNVD: CNVD-2011-5202 // BID: 50965 // JVNDB: JVNDB-2011-003546 // PACKETSTORM: 107692 // PACKETSTORM: 107635 // CNNVD: CNNVD-201112-105 // CNNVD: CNNVD-201112-441 // NVD: CVE-2011-5001

CREDITS

Luigi Auriemma

Trust: 1.6

sources: ZDI: ZDI-11-345 // BID: 50965 // CNNVD: CNNVD-201112-105

SOURCES

db: IVD // id: 4a2c282e-1f7c-11e6-abef-000c29c66e3d
db: ZDI // id: ZDI-11-345
db: CNVD // id: CNVD-2011-5202
db: BID // id: 50965
db: JVNDB // id: JVNDB-2011-003546
db: PACKETSTORM // id: 107692
db: PACKETSTORM // id: 107635
db: CNNVD // id: CNNVD-201112-105
db: CNNVD // id: CNNVD-201112-441
db: NVD // id: CVE-2011-5001

LAST UPDATE DATE

2024-08-14T13:49:02.478000+00:00


SOURCES UPDATE DATE

db: ZDI // id: ZDI-11-345 // date: 2011-12-07T00:00:00
db: CNVD // id: CNVD-2011-5202 // date: 2011-12-12T00:00:00
db: BID // id: 50965 // date: 2012-02-24T08:20:00
db: JVNDB // id: JVNDB-2011-003546 // date: 2011-12-28T00:00:00
db: CNNVD // id: CNNVD-201112-105 // date: 2011-12-09T00:00:00
db: CNNVD // id: CNNVD-201112-441 // date: 2011-12-26T00:00:00
db: NVD // id: CVE-2011-5001 // date: 2018-10-09T19:33:40.137

SOURCES RELEASE DATE

db: IVD // id: 4a2c282e-1f7c-11e6-abef-000c29c66e3d // date: 2011-12-12T00:00:00
db: ZDI // id: ZDI-11-345 // date: 2011-12-07T00:00:00
db: CNVD // id: CNVD-2011-5202 // date: 2011-12-12T00:00:00
db: BID // id: 50965 // date: 2011-12-07T00:00:00
db: JVNDB // id: JVNDB-2011-003546 // date: 2011-12-28T00:00:00
db: PACKETSTORM // id: 107692 // date: 2011-12-09T06:58:05
db: PACKETSTORM // id: 107635 // date: 2011-12-08T04:11:07
db: CNNVD // id: CNNVD-201112-105 // date: 1900-01-01T00:00:00
db: CNNVD // id: CNNVD-201112-441 // date: 2011-12-26T00:00:00
db: NVD // id: CVE-2011-5001 // date: 2011-12-25T01:55:02.773