Trend Micro Patches Multiple ServerProtect Vulnerabilities

Trend Micro has issued a Critical Patch for Trend Micro ServerProtect for Linux 3.0 to fix half a dozen vulnerabilities discovered in March by security researchers at Core Security.

Trend Micro ServerProtect for Linux offers comprehensive real-time protection for enterprise web servers and file servers, preventing them from spreading viruses, spyware, and other Web threats to internal or external endpoints.

Security researchers at Core Security analyzed the product and found that it’s affected by six vulnerabilities, including a code execution vulnerability that could potentially allow a remote attacker to execute arbitrary code via multiple vectors, cross-site request forgery attacks, an elevated privileges vulnerability that could potentially allow a local user to obtain privileges on the target system, and cross-site scripting attacks.

The most important issues, tracked as CVE-2017-9035 and CVE-2017-9034, are related to updates. ServerProtect communicates with update servers over HTTP (not HTTPS), which allows a man-in-the-middle (MITM) attacker to monitor the connection and manipulate data.

Affected version:
ServerProtect for Linux – Version 3.0

Trend Micro has released the following update to fix the issues:
ServerProtect for Linux Version 3.0 CP 1531*

Even though exploitation may require specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]