> Trend Micro ServerProtect已提取文件数超出扫描绕过漏洞

Trend Micro ServerProtect已提取文件数超出扫描绕过漏洞

CNNVD-ID编号	CNNVD-200602-126	CVE编号	CVE-2006-0642
发布时间	2006-02-10	更新时间	2006-02-14
漏洞类型	设计错误	漏洞来源	Discovered by Mert SARICA .
危险等级	中危	威胁类型	远程
厂商	trend_micro

漏洞介绍

Trend Micro ServerProtect 5.58，并且还可能包括InterScan Messaging Security Suite和InterScan Web Security Suite，具有一项默认设置，即\"当已提取的文件数超过500时不扫描压缩文件\"，这个限值在某些情况下可能会太小，从而使得远程攻击者可以借助发送包含众多小文件的压缩包来绕过反病毒检测。

漏洞补丁

目前厂商还没有提供补丁或者升级程序，建议使用此软件的用户随时关注厂商的主页以获取最新版本。

参考网址

来源: BUGTRAQ

名称: 20060205 RE: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.

链接：http://www.securityfocus.com/archive/1/archive/1/424172/100/0/threaded

来源: BUGTRAQ

名称: 20060203 Re: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.

链接：http://www.securityfocus.com/archive/1/archive/1/423914/100/0/threaded

来源: BUGTRAQ

名称: 20060203 Re: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.

链接：http://www.securityfocus.com/archive/1/archive/1/423913/100/0/threaded

来源: BUGTRAQ

名称: 20060203 Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.

链接：http://www.securityfocus.com/archive/1/archive/1/423896/100/0/threaded

来源: MISC

链接：http://www.packetstormsecurity.org/filedesc/Bypass.pdf.html

来源: MISC

链接：http://www.packetstormsecurity.org/0602-advisories/Bypass.pdf

来源: XF

名称: serverprotect-file-scanning-bypass(24658)

链接：http://xforce.iss.net/xforce/xfdb/24658

来源: BID

名称: 16483

链接：http://www.securityfocus.com/bid/16483

受影响实体

Trend_micro Interscan_messaging_security_suite Trend_micro Interscan_web_security_suite Trend_micro Serverprotect:5.58:Emc

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-126