CVE-2005-1928
CVSS 7.8
Published: 2005-12-14 18:03:00
Last revised: 2011-05-20 00:00:00

[Original] Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain "magic value" to port 5005, which also leads to a memory leak.


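[CNNVD] Trend Micro ServerProtect EarthAgent Daemon Denial of Service Vulnerability (CNNVD-200512-280)

        When Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions runs together with Trend Micro Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, remote attackers can launch a denial of service attack (CPU consumption) by sending a flood of crafted packets carrying certain "magic values" to port 5005, causing a memory leak.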

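- CVSS (base score)

CVSS score: 7.8 [Severe (HIGH)]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: COMPLETE [may cause a complete shutdown of the system]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]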

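- CWE (weakness category)

CWE-399 [Resource Management Errors]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1928
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1928
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-280
(Official data source) CNNVD

- Other links and resources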

http://www.vupen.com/english/advisories/2005/2907
(VENDOR_ADVISORY)  VUPEN  ADV-2005-2907
http://www.securityfocus.com/bid/15868
(UNKNOWN)  BID  15868
http://www.osvdb.org/21773
(UNKNOWN)  OSVDB  21773
http://www.idefense.com/application/poi/display?id=356&type=vulnerabilities
(VENDOR_ADVISORY)  IDEFENSE  20051214 Trend Micro ServerProtect EarthAgent Remote DoS Vulnerability
http://solutionfile.trendmicro.com/SolutionFile/25254/en/Hotfix_Readme_SPNT5_58_B1137.txt
(UNKNOWN)  MISC  http://solutionfile.trendmicro.com/SolutionFile/25254/en/Hotfix_Readme_SPNT5_58_B1137.txt
http://securitytracker.com/id?1015358
(UNKNOWN)  SECTRACK  1015358
http://securityreason.com/securityalert/259
(UNKNOWN)  SREASON  259
http://secunia.com/advisories/18038
(VENDOR_ADVISORY)  SECUNIA  18038
http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254
(UNKNOWN)  MISC  http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254

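- Vulnerability information

Trend Micro ServerProtect EarthAgent Daemon Denial of Service Vulnerability
High risk  Other
2005-12-14 00:00:00 2006-06-09 00:00:00
Remote
        When Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions runs together with Trend Micro Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, remote attackers can launch a denial of service attack (CPU consumption) by sending a flood of crafted packets carrying certain "magic values" to port 5005, causing a memory leak.

- Advisories and patches

        Trend Micro has released a fix. Please contact the vendor to obtain the file SPNT5.58_HotfixB1137.zip.

- Vulnerability information (F42311)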

iDEFENSE Security Advisory 2005-12-14.5 (PacketStormID:F42311)
2005-12-15 00:00:00
Pedram Amini,iDefense Labs  idefense.com
advisory,remote,denial of service,tcp,memory leak
windows
CVE-2005-1928

iDEFENSE Security Advisory 12.14.05 - Remote exploitation of a denial of service vulnerability in Trend Micro Inc.'s ServerProtect EarthAgent daemon allows attackers to cause the target process to consume 100% of available CPU resources. The problem specifically exists within ServerProtect EarthAgent in the handling of maliciously crafted packets transmitted with the magic value \x21\x43\x65\x87 targeting TCP port 5005. A memory leak also occurs with each received exploit packet allowing an attacker to exhaust all available memory resources with repeated attack. iDefense has confirmed the existence of this vulnerability in Trend Micro ServerProtect for Windows Management Console 5.58 running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1. It is suspected that earlier versions and versions for other platforms are vulnerable as well.

Trend Micro ServerProtect EarthAgent Remote DoS Vulnerability

iDefense Security Advisory 12.14.05
www.idefense.com/application/poi/display?id=356&type=vulnerabilities
December 14, 2005

I. BACKGROUND

Trend Micro Inc.'s ServerProtect provides antivirus scanning with
centralized management of virus outbreaks, scanning, pattern file
updates, notifications and remote installations. More information about
the product set is available at:

 www.trendmicro.com/en/products/file-server/sp/evaluate/overview.htm

II. DESCRIPTION

Remote exploitation of a denial of service vulnerability in Trend Micro
Inc.'s ServerProtect EarthAgent daemon allows attackers to cause the
target process to consume 100% of available CPU resources.

The problem specifically exists within ServerProtect EarthAgent in the
handling of maliciously crafted packets transmitted with the magic value
"\x21\x43\x65\x87" targeting TCP port 5005. A memory leak also occurs
with each received exploit packet allowing an attacker to exhaust all
available memory resources with repeated attack.

III. ANALYSIS

Successful exploitation of the described vulnerability allows
unauthenticated remote attackers to consume 100% CPU resources,
increasingly consume memory resources and potentially crash the
underlying operating system. Full CPU utilization can be achieved with a
single packet; memory consumption occurs incrementally on subsequent
attacks.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in Trend
Micro ServerProtect for Windows Management Console 5.58 running with
Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup
Server 1.1. It is suspected that earlier versions and versions for other
platforms are vulnerable as well.

V. WORKAROUND

Employ firewalls, access control lists or other TCP/UDP restriction
mechanisms to limit access to vulnerable systems on TCP port 5005.

VI. VENDOR RESPONSE

The vendor has released the following security advisory for this issue:

 http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254

"Contact Trend Micro Technical Support to request for the
SPNT5.58_HotfixB1137.zip file, which should only be installed on servers
running SPNT 5.58."

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2005-1928 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

06/03/2005 Initial vendor notification
06/05/2005 Initial vendor response
12/14/2005 Public disclosure

IX. CREDIT

This vulnerability was discovered by Pedram Amini, OpenRCE
(www.openrce.org).


X. LEGAL NOTICES

Copyright     

- Vulnerability information

21773
Trend Micro ServerProtect EarthAgent Crafted Packet Remote DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- Vulnerability description

ServerProtect contains a flaw that may allow a remote denial of service. The issue is triggered via specially crafted packets containing the string "\x21\x43\x65\x87" to port 5005 running the EarthAgent daemon, and will result in loss of availability for the platform.

- Timeline

2005-12-14 2005-06-03
2005-12-14 Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Trend Micro has released a patch to address this vulnerability.

- Related references

- Vulnerability author

- Vulnerability information

Trend Micro ServerProtect EarthAgent Daemon Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 15868
Yes No
2005-12-14 12:00:00 2005-12-14 12:00:00
Discovered by Pedram Amini.

- Affected software versions

Trend Micro ServerProtect 5.5.8

- Vulnerability discussion

Trend Micro ServerProtect is prone to a remote denial of service vulnerability when the EarthAgent Daemon processes a malicious packet. This causes the process to consume a large amount of CPU and memory resources, potentially causing the underlying operating system to fail.

This issue affects Trend Micro ServerProtect version 5.58; however, earlier versions may also be affected.

- Exploit

An exploit is not required.

- Solution

Trend Micro has released a fix. Please contact the vendor to obtain the file SPNT5.58_HotfixB1137.zip.

- Related references

 

 
