Trend Micro Vulnerability Identifier(s): VRTS-753, 1001, 1171
CVE Identifier(s): CVE-2017-1000367, CVE-2017-11391, CVE-2017-11392
Platform(s): Virtual Appliance (Linux)
CVSS 2.0 Score(s): 6.5 (RCE)
CVSS 3.0 Score(s): 7.8 (Sudo)
Severity Rating(s): Medium (RCE) & High (Sudo)
Trend Micro has released new Critical Patches (CPs) for Trend Micro InterScan Messaging Security (Virtual Appliance) versions 9.0 and 9.1. These CPs resolve a couple of vulnerabilities that could allow either a local user who is permitted to execute commands via certain versions of Sudo to escalate privileges to root, or an attacker to perform a command injection attack leading to remote code execution (RCE).
Affected Version(s)
Product | Affected Version(s) | Platform | Language(s) |
---|---|---|---|
InterScan Messaging Security (Virtual Appliance) | Version 9.0 | Virtual Appliance | English |
InterScan Messaging Security (Virtual Appliance) | Version 9.1 | Virtual Appliance | English |
Solution
Trend Micro has released the following solutions to address these issues:
Product | Updated version | Notes | Platform | Availability |
---|---|---|---|---|
InterScan Messaging Security (Virtual Appliance) | Version 9.1 CP 1675 | Readme | Virtual Appliance | Now |
InterScan Messaging Security (Virtual Appliance) | Version 9.0 CP 1629 | Readme | Virtual Appliance | Now |
Customers are encouraged to visit Trend Micro's Download Center to obtain prerequisite software (such as Service Packs) before applying any of the solutions above.
Vulnerability Details
- Todd Miller's sudo versions 1.8.20 and earlier are vulnerable to an input validation issue (embedded spaces) in the get_process_ttyname() function, resulting in information disclosure and command execution.
- An authenticated user could exploit a vulnerability in affected versions to perform a proxy command injection, leading to remote code execution.
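The embedded-spaces issue in the sudo item above comes down to how a space-separated record is parsed: on Linux, the tty device number is field 7 (tty_nr) of /proc/[pid]/stat, and field 2 (comm, the process name) may itself contain spaces. The following is an added example, not sudo's or Trend Micro's code, contrasting a parser that counts spaces with one that anchors on the closing parenthesis of comm. The function names and both sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample lines in /proc/[pid]/stat layout (see proc(5)):
 * pid (comm) state ppid pgrp session tty_nr ...   tty_nr is field 7. */
static const char STAT_PLAIN[]  = "4242 (bash) S 4000 4242 4000 34817 4242 4194304";
static const char STAT_SPACES[] = "4242 (a b c d e 7) S 4000 4242 4000 34817 4242 4194304";

/* Fragile: counts spaces to reach field 7, so spaces inside comm shift every
 * later field and the "tty_nr" comes out of the process name instead. */
long tty_nr_by_space_count(const char *line)
{
    const char *p = line;
    for (int field = 1; field < 7; field++) {
        p = strchr(p, ' ');
        if (p == NULL)
            return -1;
        p++;
    }
    return strtol(p, NULL, 10);
}

/* Robust: comm is the only free-form field and is wrapped in parentheses, so
 * anchor on the LAST ')' and parse the fixed-format fields that follow it. */
long tty_nr_after_comm(const char *line)
{
    const char *end = strrchr(line, ')');
    char state;
    long ppid, pgrp, session, tty_nr;

    if (end == NULL)
        return -1;
    if (sscanf(end + 1, " %c %ld %ld %ld %ld",
               &state, &ppid, &pgrp, &session, &tty_nr) != 5)
        return -1;
    return tty_nr;
}

int main(void)
{
    printf("plain  : naive=%ld robust=%ld\n",
           tty_nr_by_space_count(STAT_PLAIN), tty_nr_after_comm(STAT_PLAIN));
    printf("spaces : naive=%ld robust=%ld\n",
           tty_nr_by_space_count(STAT_SPACES), tty_nr_after_comm(STAT_SPACES));
    return 0;
}
```

Both parsers agree on the plain line; on the line whose comm contains spaces, only the second still returns the real tty_nr.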
Due to the seriousness of these and any other vulnerabilities, customers are highly encouraged to update to the latest builds as soon as possible.
Mitigating Factors
Exploiting these types of vulnerabilities generally requires that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security are up to date.
However, even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible.
Acknowledgement
Trend Micro would like to thank the following individuals for responsibly disclosing these issues and working with Trend Micro to help protect our customers:
- Steven Seeley (mr_me) of Offensive Security working with Trend Micro's Zero Day Initiative
External Reference(s)