Vulnerabilities > CVE-2001-0432 - Program Buffer Overflow vulnerability in Trend Micro Interscan Viruswall 3.0.1

CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
trend-micro
critical
nessus
exploit available

Summary

Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands.

Vulnerable Configurations

Part Description Count
Application
Trend_Micro
1

Exploit-Db

description: Trend Micro Interscan Viruswall (Linux) 3.0.1 Multiple Program Buffer Overflow. CVE-2001-0432. DoS exploit for the Linux platform
id: EDB-ID:20750
last seen: 2016-02-02
modified: 2001-04-13
published: 2001-04-13
reporter: eeye security
source: https://www.exploit-db.com/download/20750/
title: Trend Micro Interscan Viruswall Linux 3.0.1 - Multiple Program Buffer Overflow

Nessus

  • NASL family: CGI abuses
    NASL id: INTERSCAN_VW_CGI.NASL
    description: The management interface used with the Interscan VirusWall uses several CGI programs that may allow a malicious user to remotely change the configuration of the server without any authorization, using maliciously constructed query strings.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 10733
    published: 2001-08-23
    reporter: Copyright (C) 2001-2018 INTRANODE
    source: https://www.tenable.com/plugins/nessus/10733
    title: Trend Micro InterScan VirusWall /interscan/cgi-bin/FtpSave.dll Unauthenticated Remote Configuration Manipulation
    code
    #
    # This script was written by Gregory Duchemin <[email protected]>
    #
    # See the Nessus Scripts License for details
    #
    # Title: Interscan VirusWall Remote configuration Vulnerability.
    #
    # Changes by Tenable:
    # - Revised english plugin title, updated copyright (1/13/2009)
    # - Revised plugin title (5/24/2012)
    # - Updated copyright (5/29/2012)
    
    #### REGISTER SECTION ####
    
    
    include("compat.inc");
    
    if (description)
    {
      # Registration pass: when the scanner loads the plugin with `description`
      # set, only the metadata below is recorded and the script exits before
      # any network traffic is generated.

      # Plugin identity and advisory cross-references.
      script_id(10733);
      script_version("1.28");
      script_cve_id("CVE-2001-0432");
      script_bugtraq_id(2579);

      # Name shown in the client window.
      script_name(english:"Trend Micro InterScan VirusWall /interscan/cgi-bin/FtpSave.dll Unauthenticated Remote Configuration Manipulation");

      # Report text: what was found, why it matters, and what to do about it.
      script_set_attribute(attribute:"synopsis", value:"A remote service may be reconfigured by unauthorized users.");
      script_set_attribute(attribute:"description", value:
    "The management interface used with the Interscan VirusWall 
    uses several cgi programs that may allow a malicious user to remotely 
    change the configuration of the server without any authorization using 
    maliciously constructed querystrings." );
      # https://web.archive.org/web/20020227081400/http://archives.neohapsis.com/archives/bugtraq/2001-04/0218.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9986ffc0");
      # The only remediation offered is network-level: keep the management
      # interface unreachable from untrusted networks.
      script_set_attribute(attribute:"solution", value:"Filter access to the management interface from the internet.");

      # Severity scoring (CVSS v2 base and temporal vectors) and exploitability flags.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");

      # Timeline and plugin type.
      script_set_attribute(attribute:"vuln_publication_date", value:"2001/04/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2001/08/23");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_end_attributes();

      # One-line summary shown in tooltips.
      script_summary(english:"Check if the remote Interscan is vulnerable to remote reconfiguration.");

      # Scheduled with the information-gathering plugins, i.e. treated as
      # harmless to the target.
      # NOTE(review): the check in this file requests FtpSave.dll and matches on
      # "These settings have been saved". Confirm that this request cannot
      # alter the appliance's configuration before relying on the category.
      script_category(ACT_GATHER_INFO);

      script_copyright(english:"Copyright (C) 2001-2020 INTRANODE");

      # Family under which the plugin is filed.
      script_family(english:"CGI abuses");

      script_dependencie("http_version.nasl");

      # Optimisation: skip the host unless port 80 is open or a web service
      # was registered under Services/www.
      script_require_ports(80, "Services/www");

      exit(0);
    }
    
    
    
    
    #### ATTACK CODE SECTION ####
    
    
    
    include("http_func.inc");
    include("http_keepalive.inc");
    #search web port in knowledge database
    
    # Pick the web port to test from the knowledge base (80 when nothing else
    # is recorded). embedded:TRUE presumably keeps embedded web servers in
    # scope; confirm against http_func.inc.
    port = get_http_port(default:80, embedded:TRUE);
    if (!get_port_state(port))
      exit(0);

    # Text expected in the response when the CGI answers this request.
    saved_banner = "These settings have been saved";

    # A single GET carrying no credentials or session. A reply containing the
    # banner shows the handler is reachable and answers unauthenticated
    # callers, which is the condition this plugin reports.
    # NOTE(review): the handler's own message says settings were saved. Whether
    # this query string changes anything on the target is not visible here;
    # verify before scanning production appliances.
    probe = http_get(item:"/interscan/cgi-bin/FtpSave.dll?I'm%20Here", port:port);
    reply = http_keepalive_send_recv(port:port, data:probe);

    if (saved_banner >< reply) security_hole(port);
    
    
  • NASL family: CGI abuses
    NASL id: VW_BOF.NASL
    description: The remote CGI /catinfo seems to be vulnerable to a buffer overflow when it receives an overly long input string, allowing any user to execute arbitrary commands as root. This CGI usually comes with the VirusWall suite.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 10650
    published: 2001-04-16
    reporter: This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/10650
    title: Trend Micro InterScan VirusWall catinfo CGI Overflow
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      # Registration pass: record the plugin's metadata and exit without
      # touching the network.

      # Plugin identity and advisory cross-references.
      script_id(10650);
      script_version("1.34");
      script_cvs_date("Date: 2018/08/06 14:03:14");
      script_bugtraq_id(2579);
      script_cve_id("CVE-2001-0432");

      script_name(english:"Trend Micro InterScan VirusWall catinfo CGI Overflow");
      script_summary(english:"Overflow in catinfo");

      # Report text.
      script_set_attribute(attribute:"synopsis", value:
    "The remote host has an application that is affected by a buffer
    overflow vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote cgi /catinfo seems to be vulnerable to a buffer overflow
    when it receives a too long input strings, allowing any user to
    execute arbitrary commands as root.
    
    This CGI usually comes with the VirusWall suite.");
      # https://web.archive.org/web/20020227081400/http://archives.neohapsis.com/archives/bugtraq/2001-04/0218.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9986ffc0");
      # Remediation is a product upgrade. The wording also tells operators who
      # do not run VirusWall that the finding may not apply to them.
      script_set_attribute(attribute:"solution", value:
    "If you are using VirusWall, upgrade to version 3.6, or else you *may*
    ignore this warning.");

      # Severity scoring and exploitability flags.
      # NOTE(review): the temporal vector carries E:POC while exploit_available
      # is "false". Confirm which of the two is intended.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");

      # Timeline.
      script_set_attribute(attribute:"plugin_publication_date", value:"2001/04/16");
      script_set_attribute(attribute:"vuln_publication_date", value:"2001/04/13");

      # Flagged as a potential finding: the check infers the flaw from an
      # echoed string rather than confirming memory corruption.
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_end_attributes();

      # Filed under the denial-of-service category: the probe sends an
      # oversized request to the CGI.
      script_category(ACT_DENIAL);

      script_family(english:"CGI abuses");
      script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.");

      # Prerequisites: service detection results, the paranoid-report setting
      # and the www/cern knowledge-base key, plus a web service or port 1812.
      script_dependencie("find_service1.nasl", "no404.nasl", "http_version.nasl");
      script_require_keys("Settings/ParanoidReport", "www/cern");
      script_require_ports("Services/www", 1812);

      exit(0);
    }
    
    # We can not determine if the overflow actually took place or
    # not (as it took place when the CGI attempts to exit), so
    # we check if the cgi dumbly spits a 2048 octets long name.
    #
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
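    # The detection below is a heuristic, so it only runs when the scan's
    # report paranoia is 2 or higher; otherwise the plugin audits out.
    if (report_paranoia < 2) audit(AUDIT_PARANOID);

    port = get_http_port(default:1812);

    # Baseline request: exit_on_fail stops the plugin when the server does not
    # answer at all. The baseline response itself is not inspected.
    res = http_send_recv3(method:"GET", item:"/catinfo", port:port, exit_on_fail: 1);

    # Build the 2048-byte filler once so the request and the comparison are
    # guaranteed to use the same value.
    filler = crap(2048);
    res = http_send_recv3(method:"GET", item:string("/catinfo?", filler), port:port);

    # The second request has no exit_on_fail, so a dropped connection or
    # timeout leaves res NULL. Record that as an inconclusive run instead of
    # ending silently, which would read as a clean negative.
    if (isnull(res))
      exit(1, string("No response to the long /catinfo request on port ", port, "; result is inconclusive."));

    # res[0] is the status line: a 404 means the CGI is not present.
    if ("404" >< res[0]) exit(0, "Error 404 received.");

    # res[2] is the body. The finding is reported when the CGI echoes the whole
    # filler back. This is indirect evidence only: any page that reflects the
    # query string also matches, hence the paranoid-only gating above.
    if (filler >< res[2])
      security_hole(port);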