Return-Path: owner-bugtraq@SECURITYFOCUS.COM MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Message-ID: Date: Thu, 16 Mar 2000 14:46:55 -0800 Reply-To: Richard Sheng Sender: Bugtraq List From: Richard Sheng Subject: Trend Micro release patch for "OfficeScan DoS & Message Replay" V ulnerabilies X-To: BUGTRAQ@SECURITYFOCUS.COM, "vuldb@securityfocus.com" X-cc: "gdn@neurocom.com" , Jeff Stevens To: BUGTRAQ@SECURITYFOCUS.COM Patch Available for "OfficeScan DoS & Message Replay" Vulnerability Posted: March 16, 2000 Summary ======= Trend Micro has released a new version of OfficeScan Corporate Edition - version 3.51 - that eliminates two security vulnerabilities found on previous versions. Previous versions of OfficeScan allow intruders within a firewall to initiate a DoS attack on the OfficeScan client (tmlisten.exe) as well as to capture OfficeScan commands. These commands can be replayed and used to change other OfficeScan client configurations. Issues ====== Trend OfficeScan version 3.5 or earlier versions perform incomplete parsing and buffer overflow checking in its Windows NT client. If a malicious user, has the ability to telnet and submit some form of message to the OfficeScan NT client, OfficeScan service consumes 100% CPU processing power. In addition, communication between the OfficeScan server and client was established with insufficient encryption and authentication, which allows a malicious user to sniff and replay OfficeScan commands. Implementation ============== Trend Micro has corrected the DoS attack issue by correctly parsing and handling commands or arbitrary messages sent to the OfficeScan client. Trend Micro has implemented MD5 Message-Digest Algorithm to ensure that the commands between the server and the clients can not be decrypted or captured to be replayed to other clients. For details about the MD5 encryption algorithm see: http://theory.lcs.mit.edu/~rivest/rfc1321.txt Affected Software Versions ========================== Trend OfficeScan Corporate Edition 3.0 Trend OfficeScan Corporate Edition 3.11 Trend OfficeScan Corporate Edition 3.13 Trend OfficeScan Corporate Edition 3.5 Trend OfficeScan for Microsoft SBS 4.5 Patch Availability ================== - http://www.antivirus.com/download/ofce_patch.htm More Information ============ Please see the following references for more information related to this issue. - Trend Micro Security Bulletin: http://www.antivirus.com/download/ofce_patch_35.htm - Frequently Asked Questions: Trend Micro Knowledge Base http://solutionbank.antivirus.com/solutions/faqResult.asp?product=8 Obtaining Support on this Issue =============================== This is a fully supported release. Information on contacting Trend Micro Technical Support is available at http://www.trend.com/support/default.htm Acknowledgements ================ Trend Micro thanks Gregory Duchemin http://www.securite-internet.com and Jeff Stevens http://www.umeme.maine.edu for reporting the DoS and Message Replay vulnerability to us, and working with us to protect our customers. ==================== Richard Sheng Product Manager Trend Micro, Inc. http://www.antivirus.com 408-257-1500 =======================