The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Trend Micro IMSS

computer vulnerability bulletin CVE-2017-11391 CVE-2017-11392

Trend Micro InterScan Messaging Security: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Trend Micro InterScan Messaging Security.
Impacted products: InterScan Messaging Security Suite.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 01/08/2017.
Identifiers: 1117723, CVE-2017-11391, CVE-2017-11392, VIGILANCE-VUL-23418, ZDI-17-502, ZDI-17-504.

Description of the vulnerability

Several vulnerabilities were announced in Trend Micro InterScan Messaging Security.

An attacker can use a vulnerability via Proxy Command Injection, in order to run code. [severity:2/4; CVE-2017-11391, ZDI-17-502]

An attacker can use a vulnerability via Proxy Command Injection, in order to run code. [severity:2/4; CVE-2017-11392, ZDI-17-504]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-1000367 CVE-2017-1000368

sudo: privilege escalation via the parsing of /proc/pid/stat

Synthesis of the vulnerability

A local attacker can tamper with the parsing of /proc/[pid]/stat by sudo, in order to escalate his privileges.
Impacted products: Debian, Fedora, Junos Space, McAfee Web Gateway, openSUSE Leap, RHEL, Slackware, Sudo, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, InterScan Messaging Security Suite, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 30/05/2017.
Revision date: 15/06/2017.
Identifiers: 1117723, CERTFR-2017-AVI-238, CERTFR-2017-AVI-365, CVE-2017-1000367, CVE-2017-1000368, DLA-1011-1, DLA-970-1, DSA-3867-1, FEDORA-2017-54580efa82, FEDORA-2017-8b250ebe97, FEDORA-2017-facd994774, JSA10824, JSA10826, openSUSE-SU-2017:1455-1, openSUSE-SU-2017:1697-1, RHSA-2017:1381-01, RHSA-2017:1382-01, RHSA-2017:1574-01, SB10205, SSA:2017-150-01, SUSE-SU-2017:1446-1, SUSE-SU-2017:1450-1, SUSE-SU-2017:1626-1, SUSE-SU-2017:1627-1, SUSE-SU-2017:1778-1, Synology-SA-17:19, USN-3304-1, USN-3968-1, VIGILANCE-VUL-22865.

Description of the vulnerability

The sudo product looks for its controlling tty.

Fot that, it reads the file /proc/pid/stat. However, the parsing of this file is wrong. An attacker can tamper with the program path to make sudo write into any file with root privileges.

A local attacker can therefore tamper with the parsing of /proc/[pid]/stat by sudo, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 22613

Trend Micro InterScan Messaging Security Suite: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of the Linux kenel, the glibc library and OpenSSL included in Trend Micro InterScan Messaging Security Suite.
Impacted products: InterScan Messaging Security Suite.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: document.
Creation date: 02/05/2017.
Identifiers: 1117318, VIGILANCE-VUL-22613.

Description of the vulnerability

An attacker can use several vulnerabilities of the Linux kenel, the glibc library and OpenSSL included in Trend Micro InterScan Messaging Security Suite.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-7896

Trend Micro InterScan Messaging Security Virtual Appliance: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Trend Micro InterScan Messaging Security.
Impacted products: InterScan Messaging Security Suite.
Severity: 3/4.
Consequences: privileged access/rights, client access/rights, data reading.
Provenance: document.
Creation date: 19/04/2017.
Identifiers: 1116821, CVE-2017-7896, VIGILANCE-VUL-22499.

Description of the vulnerability

An attacker can use several vulnerabilities of Trend Micro InterScan Messaging Security.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2012-1302

Trend Micro InterScan Messaging Security Suite: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Trend Micro InterScan Messaging Security Suite, in order to run JavaScript code in the context of the web site.
Impacted products: InterScan Messaging Security Suite.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 13/04/2017.
Identifiers: 1117094, CVE-2012-1302, VIGILANCE-VUL-22448.

Description of the vulnerability

The Trend Micro InterScan Messaging Security Suite product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Trend Micro InterScan Messaging Security Suite, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability 22235

Trend Micro InterScan Messaging Security Suite: information disclosure via admin

Synthesis of the vulnerability

An authenticated attacker can get the content of any file with the system privileges via the administration console of Trend Micro InterScan Messaging Security Suite, in order to get sensitive information.
Impacted products: InterScan Messaging Security Suite.
Severity: 3/4.
Consequences: data reading.
Provenance: user account.
Creation date: 23/03/2017.
Identifiers: VIGILANCE-VUL-22235, ZDI-17-187.

Description of the vulnerability

The Trend Micro InterScan Messaging Security Suite product offers a web service for the administration console.

However, the request parameter pictureName, that defines a file path, is not restricted to san values by the routine showPicture() of the class DetailReportAction taht process this request.

An authenticated attacker can therefore get the content of any file with the system privileges via the administration console of Trend Micro InterScan Messaging Security Suite, in order to get sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-4914 CVE-2016-4915 CVE-2016-4916

Trend Micro InterScan Messaging Security Virtual Appliance: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Trend Micro InterScan Messaging Security Virtual Appliance.
Impacted products: InterScan Messaging Security Suite.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 07/10/2016.
Identifiers: 1114746, 2016-0118, 2016-0159, 201X-0007, CVE-2016-4914, CVE-2016-4915, CVE-2016-4916, VIGILANCE-VUL-20799.

Description of the vulnerability

Several vulnerabilities were announced in Trend Micro InterScan Messaging Security Virtual Appliance.

An attacker can deceive the user, in order to redirect him to a malicious site. [severity:1/4; CVE-2016-4914]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-4915]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-4916]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2014-0224

OpenSSL: man in the middle via ChangeCipherSpec

Synthesis of the vulnerability

An attacker can act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data.
Impacted products: ArubaOS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, GAiA, CheckPoint IP Appliance, IPSO, Provider-1, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Cisco ASR, Cisco ATA, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, CiscoWorks, Cisco Content SMA, Cisco CSS, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Email, IronPort Management, IronPort Web, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Unity ~ precise, WebNS, Cisco WSA, Clearswift Web Gateway, Debian, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, ECC, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FreeBSD, HP Operations, ProCurve Switch, HP Switch, HP-UX, AIX, Tivoli Storage Manager, WebSphere MQ, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper UAC, McAfee Web Gateway, MySQL Enterprise, NetBSD, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Polycom CMA, HDX, RealPresence Collaboration Server, Polycom VBP, RHEL, JBoss EAP by Red Hat, ACE Agent, ACE Server, RSA Authentication Agent, RSA Authentication Manager, SecurID, ROS, ROX, RuggedSwitch, SIMATIC, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, InterScan Messaging Security Suite, InterScan Web Security Suite, TrendMicro ServerProtect, Ubuntu, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, Websense Email Security, Websense Web Filter, Websense Web Security.
Severity: 3/4.
Consequences: data reading, data creation/edition, data flow.
Provenance: document.
Creation date: 05/06/2014.
Revision date: 05/06/2014.
Identifiers: 1676496, 1690827, aid-06062014, c04336637, c04347622, c04363613, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-260, CERTFR-2014-AVI-274, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, CERTFR-2014-AVI-513, cisco-sa-20140605-openssl, cpuoct2016, CTX140876, CVE-2014-0224, DOC-53313, DSA-2950-1, DSA-2950-2, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-7101, FEDORA-2014-7102, FG-IR-14-018, FreeBSD-SA-14:14.openssl, HPSBHF03052, HPSBUX03046, JSA10629, MDVSA-2014:105, MDVSA-2014:106, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0764-1, openSUSE-SU-2014:0765-1, openSUSE-SU-2015:0229-1, openSUSE-SU-2016:0640-1, RHSA-2014:0624-01, RHSA-2014:0625-01, RHSA-2014:0626-01, RHSA-2014:0627-01, RHSA-2014:0628-01, RHSA-2014:0629-01, RHSA-2014:0630-01, RHSA-2014:0631-01, RHSA-2014:0632-01, RHSA-2014:0633-01, RHSA-2014:0679-01, RHSA-2014:0680-01, SA40006, SA80, SB10075, sk101186, SOL15325, SPL-85063, SSA:2014-156-03, SSA-234763, SSRT101590, SUSE-SU-2014:0759-1, SUSE-SU-2014:0759-2, SUSE-SU-2014:0761-1, SUSE-SU-2014:0762-1, USN-2232-1, USN-2232-2, USN-2232-3, USN-2232-4, VIGILANCE-VUL-14844, VMSA-2014-0006, VMSA-2014-0006.1, VMSA-2014-0006.10, VMSA-2014-0006.11, VMSA-2014-0006.2, VMSA-2014-0006.3, VMSA-2014-0006.4, VMSA-2014-0006.5, VMSA-2014-0006.6, VMSA-2014-0006.7, VMSA-2014-0006.8, VMSA-2014-0006.9, VU#978508.

Description of the vulnerability

The OpenSSL product implements SSL/TLS, which uses a handshake.

However, by using a handshake with a ChangeCipherSpec message, an attacker can force the usage of weak keys.

An attacker can therefore act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2014-3922

Trend Micro InterScan Messaging Security Virtual Appliance: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Trend Micro InterScan Messaging Security Virtual Appliance, in order to execute JavaScript code in the context of the web site.
Impacted products: InterScan Messaging Security Suite.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 30/05/2014.
Identifiers: CVE-2014-3922, VIGILANCE-VUL-14817.

Description of the vulnerability

The Trend Micro InterScan Messaging Security Virtual Appliance product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Trend Micro InterScan Messaging Security Virtual Appliance, in order to execute JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2012-2995 CVE-2012-2996

Trend Micro InterScan Messaging Security Suite: two vulnerabilities

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting and a Cross Site Request Forgery in Trend Micro InterScan Messaging Security Suite, in order to execute actions with privileges of the authenticated user.
Impacted products: InterScan Messaging Security Suite.
Severity: 2/4.
Consequences: user access/rights, client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/09/2012.
Identifiers: BID-55542, CERTA-2012-AVI-515, CVE-2012-2995, CVE-2012-2996, VIGILANCE-VUL-11951, VU#471364.

Description of the vulnerability

Two vulnerabilities were announced in Trend Micro InterScan Messaging Security Suite.

The addRuleAttrWrsApproveUrl.imss and initUpdSchPage.imss pages do not filter their parameters, before injecting them in the generated HTML code. [severity:2/4; CVE-2012-2995]

The saveAccountSubTab.imss form does not check the origin of queries, before accepting them. [severity:2/4; CVE-2012-2996]

An attacker can therefore generate a Cross Site Scripting and a Cross Site Request Forgery in Trend Micro InterScan Messaging Security Suite, in order to execute actions with privileges of the authenticated user.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Trend Micro IMSS: