In association with heise online

22 February 2007, 11:17

Vulnerability in Trend Micro's ServerProtect for Linux [Update]

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security service provider iDefense has reported that a design flaw in user authentication on the web interface of Trend Micro's ServerProtect for Linux allows attackers to switch off the virus scanner on the server or change its settings. The integrated server listens in on TCP port 14942 by default and is protected by a user-configured password.

When a user logs on, the web interface stores a cookie called splx_2376_info on the client computer; the cookie contains a valid session ID. Attackers can gain full access to the configuration by transferring a cookie with the name splx_2376_info and a random value as a session ID. For instance, this can be done via an intercept proxy or raw HTTP requests.

The security hole affects Trend Micro's ServerProtect for Linux [Update] 1.25, 1.3 and 2.5 [/Update]. The vendor has provided updates that administrators are advised to install immediately. In addition, administrators should restrict access to the server port to trusted computers.

Also see:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit