Trend Micro病毒控制系统信息泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1107159 漏洞类型 加密问题
发布时间 2003-01-15 更新时间 2010-02-02
CVE编号 CVE-2003-1344 CNNVD-ID CNNVD-200312-475
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/22173
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-475
|漏洞详情
TrendMicroInterScanVirusWall是由趋势科技开发和维护的网关防病毒软件,包括对EMAIL、FTP、HTTP的病毒防护。TrendMicro包含的病毒控制系统对日志访问控制设置不正确,远程攻击者可以利用这个漏洞获得系统敏感信息。根据报告攻击者可以远程访问TVCS产生的日志文件,日志文件中包含系统的敏感信息,如用户名和密码。利用这些信息,攻击者可以进一步对系统进行攻击。
|漏洞EXP
source: http://www.securityfocus.com/bid/6618/info

An information disclosure vulnerability has been reported for TVCS. Reportedly, it is possible for an attacker to access the log files generated by TVCS. The log files contain very sensitive information about the system, including user names and passwords. 

Any information obtained in this manner may be used by an attacker to launch further destructive attacks against a system.

http://x.x.x.x/tvcs/getservers.exe?action=selects1
|参考资料

来源:XF
名称:trend-vcs-weak-encryption(11063)
链接:http://xforce.iss.net/xforce/xfdb/11063
来源:BID
名称:6618
链接:http://www.securityfocus.com/bid/6618
来源:SECUNIA
名称:7881
链接:http://secunia.com/advisories/7881
来源:VULNWATCH
名称:20030114RE:[VulnWatch]AssortedTrendVulnsRev2.0
链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html
来源:NSFOCUS
名称:4250
链接:http://www.nsfocus.net/vulndb/4250