SNS Advisory No.44

Trend Micro OfficeScan Corporate Edition (Virus Buster Corporate Edition) Configuration File Disclosure Vulnerability

Problem first discovered: Wed, 29 Aug 2001
Published: Tue, 16 Oct 2001
_________________________________________________________________

Overview:
  A vulnerability was discovered in Trend Micro Corporate Edition (Japanese version: Virus Buster Corporate Edition) that allows remote attackers to access configuration files containing passwords.

Problem Description:
  Trend Micro Corporate Edition (Japanese version: Virus Buster Corporate Edition) is antivirus software for enterprise use. It provides real-time management, real-time configuration, and pattern file updates for client machines from a management console.

  When this software is installed, several virtual directories are created to provide the Web-based management console function. However, one of these directories, /officescan/hotdownload, can be accessed without authentication. In addition, the file stored in this directory, ofcscan.ini, is the configuration file used by OfficeScan Corporate Edition. If this vulnerability is exploited, an attacker will be able to gain access to the configuration information in this file.

  Moreover, although this file stores an encrypted password, it is possible to decrypt it easily. For example, OfficeScan Corporate Edition encrypts the character sequence "12345" as:

    701F702132

  This string is generated by a specific algorithm and it is possible to decrypt it easily. If the same password is also used by another application, an attacker will be able to cause further impact on the system.
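
One way to check web server logs for reads of the exposed file, as an added example that is not part of the original advisory: the script scans a W3C extended format log for successful requests to ofcscan.ini under /officescan/hotdownload that carry no authenticated user name. The field layout, addresses and sample log lines are constructed for illustration.

```python
# Added example (not from the advisory): flag successful, unauthenticated
# requests for ofcscan.ini in a W3C extended format web server log.
from urllib.parse import unquote

SENSITIVE_DIR = "/officescan/hotdownload/"  # virtual directory named in the advisory
SENSITIVE_FILE = "ofcscan.ini"              # configuration file named in the advisory

# Constructed sample log; addresses and user names are illustrative only.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2001-10-16 09:12:01 192.0.2.10 - GET /officescan/hotdownload/ofcscan.ini 200
2001-10-16 09:12:07 192.0.2.11 - GET /OfficeScan/HotDownload/OFCSCAN.INI 200
2001-10-16 09:13:40 198.51.100.7 - GET /officescan/hotdownload/ofcscan.ini 401
2001-10-16 09:15:02 10.0.0.5 CORP\\admin GET /officescan/hotdownload/ofcscan.ini 200
2001-10-16 09:16:30 203.0.113.9 - GET /officescan/hotdownload/%6Ffcscan.ini 200
2001-10-16 09:17:11 192.0.2.10 - GET /default.htm 200
"""


def normalize(uri_stem):
    """Percent-decode, unify slashes and lower-case (Windows paths ignore case)."""
    path = unquote(uri_stem).replace("\\", "/").lower()
    while "//" in path:
        path = path.replace("//", "/")
    return path


def find_exposures(log_text):
    """Return (date, time, client_ip, status) for each anonymous 2xx hit."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names apply to the lines that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        path = normalize(rec.get("cs-uri-stem", ""))
        if not (path.startswith(SENSITIVE_DIR) and path.endswith("/" + SENSITIVE_FILE)):
            continue
        anonymous = rec.get("cs-username", "-") == "-"
        status = rec.get("sc-status", "")
        if anonymous and status.startswith("2"):
            hits.append((rec.get("date"), rec.get("time"), rec.get("c-ip"), status))
    return hits


if __name__ == "__main__":
    for hit in find_exposures(SAMPLE_LOG):
        print("unauthenticated read of ofcscan.ini:", *hit)
```

Any hit means the configuration file, including the stored password, should be treated as disclosed and the password changed wherever it is used.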

Tested Version:
  OfficeScan Corporate Edition Ver.3.53
  Virus Buster Corporate Edition Ver.3.53

Tested OS:
  Windows NT 4.0 Server + SP6a [English]
  Windows NT 4.0 Server + SP6a [Japanese]

Solution:
  A patch to fix this issue in Virus Buster Corporate Edition is available at the following URL:

  http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318

Discovered by:
  ARAI Yuu (LAC) y.arai@lac.co.jp

Disclaimer:
  All information in these advisories is subject to change without advance notice or mutual consensus, and each advisory is released as it is. LAC Co.,Ltd. is not responsible for any risks arising from applying this information.
_________________________________________________________________

Copyright(c) 1995-2002 Little eArth Corporation