Interscan Viruswall Remote Command Execution Vulnerability

vendor:

Interscan Viruswall

by:

Unknown

CVSS

CRITICAL

Remote Command Execution

119

CWE

Product Name: Interscan Viruswall

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: YES

Related CWE: CVE-2001-0341

CPE: a:trend_micro:interscan_viruswall

Metasploit:

Other Scripts:

Platforms Tested:

2001

Interscan Viruswall Remote Command Execution Vulnerability

The Interscan Viruswall software package contains a vulnerability that allows a remote attacker to execute arbitrary commands with root privileges on the system. The vulnerability is due to buffer overflows in the cgi programs used by the management interface of Interscan Viruswall. By exploiting these buffer overflows, an attacker can execute arbitrary commands by sending a specially crafted request to the vulnerable system.

Mitigation:

Trend Micro has released a patch to address this vulnerability. Users are advised to apply the patch as soon as possible to prevent exploitation of this vulnerability.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2579/info

Interscan Viruswall is a Virus scanning software package distributed and maintained by Trend Micro. It is designed to scan for virus occurances in both incoming and outgoing traffic via SMTP, FTP, and HTTP at the gateway of the network.

A problem with the software package could lead elevated privileges on the scanning system. The management interface used with the Interscan Viruswall uses several programs in a cgi directory that contain buffer overflows. Additionally, the http daemon used to execute these programs runs as root, and does not sufficiently control access to the programs, allowing a user to execute them directly.

Therefore, it is possible for a remote user to exploit buffer overflows in the cgi programs packaged with Interscan Viruswall, and execute arbitrary commands are root on the system hosting Viruswall. 

http://server:1812/catinfo?4500xA