Contact Us
|
How To Buy
|
Worldwide
|
Careers
|
Login
Home
Solutions
Enterprise
Data Center
Applications
Security
WAN Optimization
Cloud Computing
Industries
Carrier & Service Provider
Mobile Internet
Managed Security
DPI/DFI
VoIP/SIP ADC
Cloud Computing
OSS/BSS
Products
Application Delivery
AppDirector
Alteon
AppWall
AppXML
AppXcel
VirtualDirector
SIP Director
LinkProof
Content Inspection Director
vAdapter
Application and Network Security
DefensePro
Security Zone
Real-time Intelligence
Inflight
Management
APSolute Vision
Company
Management
Investor Relations
SEC Filings
Financials
Annual Reports
Customers
Technology Alliances
Industry Expertise
Careers
Israel (International HQ)
Americas (North & South)
Europe Middle East Africa (EMEA)
Asia Pacific (APAC)
Locations
News & Events
Press Releases
Media Coverage
Events
Awards
Certifications
Media Kit
Customer
Technical Support
Training
Schedules & Registration
Course Descriptions
Tuition & Fees
Certification
Additional Training Resources
Security Zone
Threats
Latest Attack Signatures
Latest WAF Updates
Signature Database
Security Update Service
Emergency Response Team
Partner
Partner Program
Marketing
Training
Become a Partner
Find a Partner
Technical Support
Training
Security Zone
Threats
Latest Attack Signatures
Latest WAF Updates
Signature Database
Security Update Service
Emergency Response Team
Attack Signature Detail
BO-TrendMicro-SendEmail-RPC
ID:
10968
Protected since:
10/27/2009 12:00:00 AM
File version:
0009_0013_00
Critical:
Click here to download the complete Signature File that includes this attack
Alias
Affected systems
Details
Buffer overflow - Trend Micro ServerProtect
Impact
Arbitrary Code Execution Denial of Service Full system compromise
Attack vector
TCP port 5168
Recommended solution
Trend Micro ServerProtect is vulnerable to a buffer overflow attack(CVE-2007-1070). Buffer overflow vulnerabilities occur due to programming errors within input validation routines or their absence. Such vulnerabilities can be exploited by diverting the affected application's path of execution to execute arbitrary code. If exploited successfully, this vulnerability could result in a compromise of the affected system, which in turn could be used as a standing-ground for further attacking internal resources. The flaw is due to the improper boundary checks on crafted RPC requests within the SpntSvc service. A remote unauthenticated attacker may leverage this vulnerability to inject and execute arbitrary code on the target host with System level privileges. The vulnerable program is the dynamically linked library Eng50.dll. The vulnerable function is the the routine ENG_SendEmail, which is responsible for part of the operations handled by the RPC function with opcode 0. The problematic parameter is an overly long string passed to RPC call with opcode 0, when subcode value of the RPC call is 0x0047. Recommended Solutions In order to protect against this vulnerability the following steps should be taken: - Update your Radware device with the latest signature file (See the supported products list below). - Ensure that the above mentioned signature group exists in the active protection profile. - To fix the vulnerability follow the instructions provided by the vendor.
References
CVE-2007-1070
Radware ID
10968
Radware group
Buffer_Overflow-Adv
Applications
Other applications
Services
Other services
Risk
High
Confidence
High
Threat type
Intrusions
Minimum application security version
2.10.00
Hardware requirements
SME
©
Radware Ltd. 2010 All Rights Reserved.
Sitemap
|
Privacy Policy
|
Site Feedback
|
Terms of Use
|
Glossary
Smart Network. Smart Business. ™