[1][USEMAP:frame_r1_c1.gif]   [frame_r1_c3.gif]
   [2]Japanese
   
   SNS Advisory
   [title2_r1_c1.gif]
   
   [3][GoIndex.gif] [4][GoBack.gif] 
   
                                     30
                                      
   [5][GoNext.gif] [6]Japanese Edition
   
   SNS Advisory No.30 
   Trend Micro InterScan VirusWall for Windows NT 3.51 reconfiguration
   without authentication 
   
   Problem first discovered: 24 May 2001
   Published: 12 Jun 2001
   Last Updated:12 Jun 2001
     _________________________________________________________________
   
   Overview:
   
   It is possible for a remote user to improperly gain access to
   administrative functions of InterScan VirusWall for Windows NT.
   
   Problem Description: 
   
   To change configurations via web browser, access to the following URL:
   
   http://VirusWall/interscan/cgi-bin/interscan.dll
   
   Then, no authentication is required and any remote user will be able
   to change the configuration setting.
   
     Tested Version:
     
     InterScan VirusWall for Windows NT 3.51J Japanese
     InterScan VirusWall for Windows NT 3.51 English
     
     Tested OS:
     
     Windows NT 4.0 Server SP6a [English Version]
     Windows NT 4.0 Server SP6a [Japanese Version]
     
     Patch Information:
     
     Trend Micro support team responded nothing.
     
     Until the patch is released, it is recommended to set up access
     control to refuse access to servers in which InterScan VirusWall is
     installed by non-administrative user.
     
     Discovered by:
     
     Nobuo Miwa (LAC / [7]n-miwa@lac.co.jp)
     
     Disclaimer:
     
     All information in these advisories are subject to change without
     any advanced notices neither mutual consensus, and each of them is
     released as it is. LAC Co.,Ltd. is not responsible for any risks of
     occurrences caused by applying those information.
     _________________________________________________________________
   
     Copyright(c) 1995-2002 Little eArth Corporation

References

   1. LYNXIMGMAP:http://www.lac.co.jp/security/english/snsadv_e/30_e.html#r1_c1Map
   2. http://www.lac.co.jp/security/index.html
   3. http://www.lac.co.jp/security/english/snsadv_e/index.html
   4. http://www.lac.co.jp/security/english/snsadv_e/29_e.html
   5. http://www.lac.co.jp/security/english/snsadv_e/31_e.html
   6. http://www.lac.co.jp/security/intelligence/SNSAdvisory/30.html
   7. mailto:n-miwa@lac.co.jp