Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Security App Flaws :: vwall9~1.htm

VirusWall for NT - remote user can gain admin functions access



Vulnerability

    VirusWall

Affected

    Trend Micro InterScan VirusWall for Windows NT 3.51

Description

    Following is based on a SNS Advisory No.30.  It is possible for  a
    remote  user  to  improperly  gain  access  to  admin functions of
    InterScan VirusWall for Windows NT.  To change configurations  via
    web browser, access to following URL:

        http://VirusWall/interscan/cgi-bin/interscan.dll

    Then, no authentication is required and any remote user can change
    configuration setting.  Discovered by Nobuo Miwa.

Solution

    Trend Micro  support team  responded nothing.    Until  the  patch
    will  be  released,  set  up  access  control  to refuse access to
    servers   in   which   InterScan   VirusWall   is   installed   by
    non-administrative user.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH