Info

Disclosure

May 08, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Apr 03, 2004

Description

A buffer overflow exists in ServerProtect. EarthAgent.exe fails to validate data received on TCP port 3628 resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Private, Exploit Commercial
Disclosure: Vendor Verified, Vendor Verified, Coordinated Disclosure
OSVDB: Security Software

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Trend Micro has released a patch to address this vulnerability.

Products

Trend Micro, Inc.	ServerProtect	5.58
		5.7

References

Security Tracker: 1018010
CVE ID: 2007-2508 (see also: NVD)
Bugtraq ID: 23866 23868
Secunia Advisory ID: 25186
SCIP VulDB ID: 3068
ISS X-Force ID: 34162 34163
Metasploit ID: 35789
Related OSVDB ID: 35790 35791 35792 35793
CERT VU: 488424 515616
VUPEN Advisory: ADV-2007-1689
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0098.html
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/serverprotect_earthagent
Vendor Specific News/Changelog Entry: http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch2_readme.txt
Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-07-024.html
Keyword: TCP Port 3628

Credit

Eric Detoisien - eric.detoisienglobal-secure.fr - Global Secure

Direct URL: http://osvdb.org/35789

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Trend Micro, Inc.

ServerProtect

References

Credit