Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Security App Flaws :: vbuste.htm

Virus Buster email virus scanning Buffer Overflow



Vulnerability

    Virus Buster

Affected

    Virus Buster 2001 8.0

Description

    Ichinose Sayo found  following.  He  found a security  hole in the
    feature of virus scan for  e-mail in Virus Buster 2001  from Trend
    Micro Inc.

    Virus Buster 2001 is a japanese software package that has  similar
    functions  of  PC-cillin  2000  such  as  eMail Virus Scanning and
    Browser Scanning.

    The feature  of virus  scan for  e-mail in  this software,  called
    "eMail Virus Scanning" on PC-cillin, is used not to receive e-mail
    including virus by scanning  every e-mail whenever MUA  (Mail User
    Agent) imports e-mail by using POP3 protocol.

    The  function  is  running  as  a  proxy between MUA and MRA (Mail
    Retrieval Agent) as well.

    The buffer overflow occurs when MUA received email with the header
    defined in RFC 822 including unusually long strings.  As a result,
    the user  of this  software is  not able  to receive any e-mail(s)
    more.   A restart  of the  computer is  required in  order to gain
    normal functionality.

    Example of Issue:

        From: ichinose@lac.co.jp
        To: aaaaaaaaaaaaaaaaaaaaa(about 16,000 charactors)aaaaaaaaa
        Date: Fri, 26 Jan 2001 16:07:23 +0900
        Subject: TEST
        I've seen at all.

    or

        From: ichinose@lac.co.jp
        To: ichinose@lac.co.jp
        Date: Tue, 30 Jan 2001 15:06:57 +0900
        Subject: TEST
        Mime-Version: 1.0
        Content-Type: MultiPart/Mixed;Boundary="aaa(about 300 characters)aaa"
        --aaa(about 300 characters)aaa
        
        Content-Type: text/plain; charset=iso-2022-jp
        body
        
        --aaa(about 300 characters)aaa
        
        Content-Type: application/octet-stream; name="aaa.exe"
        Content-Transfer-Encoding: base64
        Content-Disposition: inline; filename="aaa.exe"
        
        --aaa(約300個)aaa
        
        I've seen at all.

Solution

    Due to prompt response by Trend Micro, the version 8.02, which was
    fixed this problem, was published on February 7th.  You can update
    to  Program  Version  8.02  by  using the feature of automatically
    updating  software  called  Intelligent  Update.   If you have not
    updated your software since February 7th, you must upgrade to  the
    version 8.02 with Intelligent Update immediately.

    Required conditions for updating are:

        1) using product version as registered user.
        2) updating the software with Intelligent Update (License  key
           is necessary to do this.)

    Also, the Service Pack to fix this issue is available from:

        http://www.trendmicro.co.jp/homeuser/download/vb2001sp2.htm

    (Japanese only; the program will be updated to 8.02.)


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH