ServerProtect(TM) 5.58 for Windows(TM) NT/2000/2003

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052904 漏洞类型
发布时间 2007-08-26 更新时间 2007-08-26
CVE编号 CVE-2007-4490
CVE-2007-4219
CVE-2007-4218
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2007080117
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
  Trend Micro, Inc.                                        July 27, 2007
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            ServerProtect(TM) 5.58 for Windows(TM) NT/2000/2003            
                       Security Patch 4 - Build 1185                     
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     
     Contents
     ===================================================================
     1.  Overview of this Security Patch Release
	 1.1 Files Included in this Release
     2.  What's New         
     3.  Documentation Set
     4.  System Requirements
     5.  Installation
     6.  Post-installation Configuration
     7.  Known Issues
     8.  Release History
     9.  Contact Information
     10. About Trend Micro
     11. License Agreement
     ===================================================================


1. Overview of this Security Patch Release
========================================================================
   This security patch addresses buffer overflow vulnerabilities in 
   ServerProtect modules "EarthAgent.exe", "eng50.dll", "StRpcSrv.dll",
   and "StCommon.dll".   
   
   1.1 Files Included in This Release 
   =====================================================================
   Module File Name		Build No.    
   
   NT Server
       admin.exe         	5.58 build 1185
       adm_enu.dll       	5.58 build 1185
       AgentClient.dll   	5.58 build 1185
       AgRpcCln.dll      	5.58 build 1185
       cert5.db          	
       ciussi32.dll      	2.0  build 1026
       EarthAgent.exe    	5.58 build 1185
       Eng50.dll         	5.58 build 1185
       EventMsg2.dll     	5.58 build 1185
       Logdb.dll         	5.58 build 1185
       LogDbTool.dll     	5.58 build 1185
       LogViewer.exe     	5.58 build 1185
       LogMaster.dll     	5.58 build 1185
       Notification.dll  	5.58 build 1185
       Patch.exe         	2.80 build 2014
       patchbld.dll      	5.1.0.0
       Patchw32.dll      	5.1.0.0
       ScanNow.exe       	5.58 build 1185
       SpntSvc.exe       	5.58 build 1185
       Spuninst.exe      	5.58 build 1185
       StCommon.dll      	5.58 build 1185
       StHotfix.exe      	5.58 build 1185
       Stopp.exe         	5.58 build 1185
       StRpcCln.dll      	5.58 build 1185
       StRpcSrv.dll      	5.58 build 1185
       StUpdate.exe      	5.58 build 1185
       TmEng.dll         	6.80 build 1034
       Tmnotify.dll      	1.0  build 1185
       Tmopp.dll         	5.58 build 1063
       TmRpcSrv.dll      	5.58 build 1185
       Tmupdate.dll      	2.80 build 2014
       SP5NSLST.ini      	
       TSC.ini           	
       x500.db           	
       hotfix.ini        	
       tmsp.mib          	
    
   NetWare Server
       lprotect.nlm 		5.58 build 1185
       pscan.nlm    		5.58 build 1185
    
   CM Agent Files
       EN_Utility.dll     	1.0 build 1355 
       Entitymain.exe     	1.0 build 1367 
       LibEN_CM.dll       	1.0 build 1364
       libEN_Logger.dll   	1.0 build 1367 
       libEN_Product.dll  	2.52 build 1053
       xerces-c_1_7_0.dll 	1.7  	        	
       
	
2. What's New
========================================================================
   This security patch addresses buffer overflow issues for the 
   following RPC function calls:
   
   - RPC call to function RPCFN_CMON_SetSvcImpersonateUser (in module
     stcommon.dll) 
        
   - RPC call to function RPCFN_OldCMON_SetSvcImpersonateUser (in 
     module stcommon.dll) 
        
   - RPC call to function RPCFN_EVENTBACK_DoHotFix (in module
     earthagent.exe) 
        
   - RPC call to function CMD_CHANGE_AGENT_REGISTER_INFO (in module
     earthagent.exe) 
        
   - RPC call to function RPCFN_ENG_TakeActionOnAFile (in module 
     eng50.dll) 
        
   - RPC call to function RPCFN_ENG_AddTaskExportLogItem (in module
     eng50.dll) 
        
   - RPC call to function RPCFN_ENG_TimedNewManualScan (in module
     StRpcSrv.dll)
        
   - RPC call to function RPCFN_SYNC_TASK (in module StRpcSrv.dll)
        
   - RPC call to function RPCFN_SetComputerName (in module 
     StRpcSrv.dll)
  
   - RPC call to function RPCFN_ENG_NewManualScan (in module 
     StRpcSrv.dll) 
        
   - RPC call to function NTF_SetPagerNotifyConfig (in module 
     Notification.dll) 
   

3. Documentation Set
========================================================================

   o Readme.txt -- basic installation, known issues 
    
   Electronic versions of the printed manuals are available at:
   http://www.trendmicro.com/download


4. System Requirements
========================================================================
   No special requirements for installing this security patch.


5. Installation
========================================================================
  To install this security patch:
  
  1. Copy the file "spnt_558_win_en_securitypatch4.exe" to a temporary 
     folder on the ServerProtect Information Server.

  2. Ensure that the ServerProtect Management console is not open.
  
  3. Open "spnt_558_win_en_securitypatch4.exe" and follow the 
     instructions to install the patch. The Information Server will 
     deploy the patch to NT Normal Servers 30 seconds after the 
     installation is complete, and then it will restart the 
     ServerProtect services.

  Note: If the installation does not complete successfully, review the 
        file "TMPatch.log" in the system root folder before contacting 
        technical support.
                                
  To roll back to the previous build:
  
  1. Before you can roll back, run the following shell commands to stop
     all ServerProtect services:
        
     net stop spntsvc
     net stop earthagent
     net stop "TrendMicro Infrastructure"
  
  2. You can find the backup files with the file extension "bak" in the 
     the ServerProtect home directory. To roll back, just rename the 
     backup  files and use them to replace the current files. 
  
  3. After the rollback, run the following commands to start the 
     ServerProtect services:
      
     net start spntsvc
     net start earthagent
     net start "TrendMicro Infrastructure"

      
6. Post-installation Configuration
========================================================================
   No post-installation configuration needed for this patch.
   
   Note: Trend Micro recommends that you update your scan engine and  
         virus pattern files immediately after installing this patch. 


7. Known Issues
========================================================================
   This release has the following known issues:
   
   7.1 You must close the Management Console before applying this patch. 
       Otherwise, the patch installation will not be successful.
      
   7.2 You cannot install the ServerProtect Normal Server and an 
       OfficeScan(TM) client on the same computer.
      
   7.3 After this patch is applied, the pattern update progress bar may
       not accurately reflect the actual progress.


8. Release History
========================================================================
   See the following Web site for more information about updates to 
   this product:
   
   http://www.trendmicro.com/download


9. Contact Information  
========================================================================
   A license to the Trend Micro software usually includes the right to 
   product updates, pattern file updates, and basic technical support 
   for one (1) year from the date of purchase only.  After the first 
   year, Maintenance must be renewed on an annual basis at Trend Micro's 
   then-current Maintenance fees.

   You can contact Trend Micro via fax, phone, and email, or visit us 
   at:
 
   http://www.trendmicro.com
 
   Evaluation copies of Trend Micro products can be downloaded from our 
   Web site. 

   Global Mailing Address/Telephone numbers
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   For global contact information in the Asia/Pacific region, Australia
   and New Zealand, Europe, Latin America, and Canada, refer to:
   
   http://www.trendmicro.com/en/about/overview.htm

   The Trend Micro "About Us" screen displays. Click the appropriate 
   link in the "Contact Us" section of the screen.

   Note: This information is subject to change without notice.
         

10. About Trend Micro  
========================================================================
   Trend Micro, Inc. provides virus protection, anti-spam, and 
   content-filtering security products and services.  Trend Micro allows 
   companies worldwide to stop viruses and other malicious code from a 
   central point before they can reach the desktop.  

   Copyright 2007, Trend Micro Incorporated. All rights reserved.
   Trend Micro, the t-ball logo, ServerProtect, and OfficeScan are 
   trademarks of Trend Micro Incorporated and are registered in some 
   jurisdictions. All other marks are the trademarks or registered 
   trademarks of their respective companies.


11. License Agreement  
========================================================================
   Information about your license agreement with Trend Micro can be 
   viewed at: 

   http://www.trendmicro.com/en/purchase/license/

   Third-party licensing agreements can be viewed:
     - By selecting the "About" option in the application user 
       interface
     - By referring to the "Legal" page of the Getting Started Guide or
       Administrator's Guide