Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6

by Nikola Strahija on December 5th, 2002

A quite well known (i.e. ancient) type of proxy vulnerability was found in TrendMicro's InterScan VirusWall V3.6. This general problem has been known to be an issue with plain HTTP proxies like Squid for ages (e.g. http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.14).


The vulnerability can be exploited using the CONNECT method to
connect to a different server, e.g. an internal mailserver, as
port usage is completely unrestricted by the ISVW proxies V 3.6.

Example:
you = 6.6.6.666
Trendmicro ISVW = 1.1.1.1 (http proxy at port 80)
Internal Mailserver = 2.2.2.2

connect with "telnet 1.1.1.1 80" to ISVW proxy and enter
CONNECT 2.2.2.2:25 / HTTP/1.0

response: mail server banner - and running SMTP session e.g.
to send SPAM from.

You can connect to any TCP port on any machine the proxy
can connect to. Telnet, SMTP, POP, etc.


Solution:
Update to ISVW 3.7 Build 1190 or newer (available for some
weeks now).


temp. Workarounds:
- disable the HTTP proxy (safe but inconvenient)
- You have a firewall that prevents unauthorized access to the
Trend ISVW proxy, don't you?



Volker Tanger
IT-Security Consulting

--
discon gmbh
Wrangelstraße 100
D-10997 Berlin

fon +49 30 6104-3307
fax +49 30 6104-3461

[email protected]
http://www.discon.de/
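
The restriction whose absence the advisory describes, sketched as an added example (not code from the advisory, and not TrendMicro's actual fix): a proxy-side check that only tunnels CONNECT requests to an allow-listed port and never to internal addresses. The function name, the port allow-list and the internal ranges are assumptions chosen for illustration.

```python
import ipaddress
import re

# Assumed policy, not taken from the advisory: tunnel only to HTTPS,
# and never to loopback, link-local or RFC 1918 ranges.
ALLOWED_PORTS = {443}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Accepts "CONNECT host:port HTTP/1.x" and the form typed in the
# advisory, which carries an extra "/" before the protocol version.
CONNECT_RE = re.compile(
    r"^CONNECT\s+(\[[0-9A-Fa-f:.]+\]|[^\s:]+):(\d{1,5})(?:\s+\S+)?\s+HTTP/1\.[01]$")

def check_connect(request_line, extra_internal=()):
    """Return (allowed, reason) for a single proxy request line."""
    line = request_line.strip()
    parts = line.split()
    if not parts or parts[0] != "CONNECT":
        return True, "not a CONNECT request"
    m = CONNECT_RE.match(line)
    if not m:
        return False, "malformed CONNECT target"
    host, port = m.group(1).strip("[]"), int(m.group(2))
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not in tunnel allow-list"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Hostname target: a real proxy must re-check the resolved address.
        return True, "hostname target on allowed port"
    nets = INTERNAL_NETS + [ipaddress.ip_network(n) for n in extra_internal]
    if any(addr in net for net in nets):
        return False, f"{addr} is an internal address"
    return True, "allowed"

if __name__ == "__main__":
    # Constructed sample request lines; the first is the one from the advisory.
    for sample in ("CONNECT 2.2.2.2:25 / HTTP/1.0",
                   "CONNECT www.example.com:443 HTTP/1.1",
                   "CONNECT 192.168.1.10:443 HTTP/1.0"):
        print(sample, "->", check_connect(sample))
```

Sites whose internal hosts use publicly routable addresses, as in the advisory's 2.2.2.2 example, can pass their own ranges through `extra_internal`.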

