sansui110
2002-12-13, 03:32 PM
Title: Trend Micro's response to the buffer overflow vulnerability in POP3 -proxy of PC-cillin and OfficeScan.
Problem: Last November 15, 2002, Texonet informed Trend Micro of the following issue:
Problem: Last November 15, 2002, Texonet informed Trend Micro of the following issue:趨勢科技2003ㄉ問題趨勢他們老早就知道了還拿出來賣
The local running POP3 ?proxy (or pop3trap.exe) is vulnerable against oversized string inputs, which causes it to crash. This behaviour can be exploited by a local intruder, who can use a controlled buffer overflow to execute a command on the local machine.
Trend Micro has reported a minor fault in two of its antivirus products, whereby the local POP3 - proxy (or pop3trap.exe) is vulnerable to long or oversized?character strings, which could causes it to crash.
This vulnerability affects the following Trend Micro products:
PC-cillin 2000 / 2002 / 2003
OfficeScan Corporate Edition - client tool POP3 scanner
There have been no reports yet of customers being affected by this, but, as a precaution, we recommend that users of PC-cillin 2000/2002/2003 and OfficeScan Corporate Edition earlier than version 5.02, should visit the Trend Micro website at www.trendmicro.com, and follow the relevant upgrade/service pack instructions.
Solution: Resolve this issue using the following procedure:
If using PC-cillin 2000
Trend Micro recommends upgrading to PC-cillin 2002 or 2003 and applying the Service Packs below, to ensure your antivirus protection.
The latest PC-cillin installation package can be downloaded from www.trendmicro.com.
If using PC-cillin 2002 and 2003
Download the appropriate Service Pack attached below, which contains a new, updated POP3 module:
PC-cillin 2003: 2003_pop3_1163en.zip
PC-cillin 2002: 2002_pop3_1357en.zip
Use WinZip or a similar application to extract the contents of the service pack into a temporary directory.
For more information on how to extract the contents of a ZIP file, refer to Solution 12254.
Double-click the executable file (or *.exe) to replace your existing POP3 trap.
Refer to the readme.txt file included in the service pack for more information.
If using OfficeScan Corporate Edition
Check and make sure that you have upgraded or are using OfficeScan 5.02 or latest version.
The latest OfficeScan installation package can be downloaded from www.trendmicro.com.
Download the attached pop3hf.zip and refer to the included release notes for complete installation instructions.
Detailed Vulnerability Description:
About POP3 - proxy or pop3trap.exe:
Trend Micro's pop3trap.exe is an application level proxy for POP3 defined in RFC 1939. It forwards the local POP3 client requests to a remote server running on a different machine, mostly at the ISP-side. The service is only accessible from the localhost with IP address 127.0.0.1. The pop3trap.exe application runs transparent in the background and scans all mails received by POP3.
How POP3 - proxy or pop3trap.exe works:
The Mail-Client establish a connection to the local POP3 - Port (e.g. TCP Port 110), where POP3 ?Proxy listens for connections. The proxy itself connects to the destination POP3 server defined by the mail-client. All mails which are received by the mail-client needs to pass the proxy and can be scanned for malicious code.
About the buffer overflow vulnerability:
When sending an oversized string from the localhost to this Service, the proxy-application crashes due to a buffer overflow. Under some circumstances, it could be possible for an attacker to execute commands on the affected machine.
--------------------------------------------------------------------------------
Trend Micro is sorry for any inconvenience caused, but we do stress that customers should take the action recommended above to ensure their systems are protected from viruses.
Note: German, French, Spanish and Italian versions of the Hotfix against the buffer overflow vulnerability, can be found in Solution 13009, as attachments.
Attachment: 2002_pop3_1357en.zip (For English)
183.8KB
2003_pop3_1163en.zip (For English)
388.1KB
pop3hf.zip (For English)
153.6KB
Product: All
Version: All
Created: 12/4/2002 7:08:02 AM
Created: 12/4/2002 7:08:02 AM
趨勢科技2003ㄉ問題趨勢他們老早就知道了還拿出來賣現在趨勢ㄉ
中文網站都還不公佈
只公佈一些想讓大家被騙去買ㄉ廣告內容騙人ㄉ心還不死ㄌㄟ
偶就天天找這些消息給大家知道ㄌㄟ
:mad: :mad: :mad:
贊助商連結
Problem: Last November 15, 2002, Texonet informed Trend Micro of the following issue:
Problem: Last November 15, 2002, Texonet informed Trend Micro of the following issue:趨勢科技2003ㄉ問題趨勢他們老早就知道了還拿出來賣
The local running POP3 ?proxy (or pop3trap.exe) is vulnerable against oversized string inputs, which causes it to crash. This behaviour can be exploited by a local intruder, who can use a controlled buffer overflow to execute a command on the local machine.
Trend Micro has reported a minor fault in two of its antivirus products, whereby the local POP3 - proxy (or pop3trap.exe) is vulnerable to long or oversized?character strings, which could causes it to crash.
This vulnerability affects the following Trend Micro products:
PC-cillin 2000 / 2002 / 2003
OfficeScan Corporate Edition - client tool POP3 scanner
There have been no reports yet of customers being affected by this, but, as a precaution, we recommend that users of PC-cillin 2000/2002/2003 and OfficeScan Corporate Edition earlier than version 5.02, should visit the Trend Micro website at www.trendmicro.com, and follow the relevant upgrade/service pack instructions.
Solution: Resolve this issue using the following procedure:
If using PC-cillin 2000
Trend Micro recommends upgrading to PC-cillin 2002 or 2003 and applying the Service Packs below, to ensure your antivirus protection.
The latest PC-cillin installation package can be downloaded from www.trendmicro.com.
If using PC-cillin 2002 and 2003
Download the appropriate Service Pack attached below, which contains a new, updated POP3 module:
PC-cillin 2003: 2003_pop3_1163en.zip
PC-cillin 2002: 2002_pop3_1357en.zip
Use WinZip or a similar application to extract the contents of the service pack into a temporary directory.
For more information on how to extract the contents of a ZIP file, refer to Solution 12254.
Double-click the executable file (or *.exe) to replace your existing POP3 trap.
Refer to the readme.txt file included in the service pack for more information.
If using OfficeScan Corporate Edition
Check and make sure that you have upgraded or are using OfficeScan 5.02 or latest version.
The latest OfficeScan installation package can be downloaded from www.trendmicro.com.
Download the attached pop3hf.zip and refer to the included release notes for complete installation instructions.
Detailed Vulnerability Description:
About POP3 - proxy or pop3trap.exe:
Trend Micro's pop3trap.exe is an application level proxy for POP3 defined in RFC 1939. It forwards the local POP3 client requests to a remote server running on a different machine, mostly at the ISP-side. The service is only accessible from the localhost with IP address 127.0.0.1. The pop3trap.exe application runs transparent in the background and scans all mails received by POP3.
How POP3 - proxy or pop3trap.exe works:
The Mail-Client establish a connection to the local POP3 - Port (e.g. TCP Port 110), where POP3 ?Proxy listens for connections. The proxy itself connects to the destination POP3 server defined by the mail-client. All mails which are received by the mail-client needs to pass the proxy and can be scanned for malicious code.
About the buffer overflow vulnerability:
When sending an oversized string from the localhost to this Service, the proxy-application crashes due to a buffer overflow. Under some circumstances, it could be possible for an attacker to execute commands on the affected machine.
--------------------------------------------------------------------------------
Trend Micro is sorry for any inconvenience caused, but we do stress that customers should take the action recommended above to ensure their systems are protected from viruses.
Note: German, French, Spanish and Italian versions of the Hotfix against the buffer overflow vulnerability, can be found in Solution 13009, as attachments.
Attachment: 2002_pop3_1357en.zip (For English)
183.8KB
2003_pop3_1163en.zip (For English)
388.1KB
pop3hf.zip (For English)
153.6KB
Product: All
Version: All
Created: 12/4/2002 7:08:02 AM
Created: 12/4/2002 7:08:02 AM
趨勢科技2003ㄉ問題趨勢他們老早就知道了還拿出來賣現在趨勢ㄉ
中文網站都還不公佈
只公佈一些想讓大家被騙去買ㄉ廣告內容騙人ㄉ心還不死ㄌㄟ
偶就天天找這些消息給大家知道ㄌㄟ
:mad: :mad: :mad:
贊助商連結