Trend Micro has issued a Critical Patch for Trend Micro ServerProtect for Linux 3.0 to fix half a dozen vulnerabilities discovered in March by security researchers at Core Security.
Trend Micro ServerProtect for Linux offers comprehensive real-time protection for enterprise web-servers and file-servers, restricting them from spreading viruses, spyware, and other Web threats to internal or external endpoints.
Security researchers at CoreSecurity analyzed the product and found that it’s affected by six vulnerabilities, including code execution vulnerability that could potentially allow a remote attacker to execute arbitrary code via multiple vectors, cross-site request forgery attacks, elevated privileges vulnerability that could potentially allow a local user to obtain privileges on the target system, and cross-site scripting attacks.
The most important issues, tracked as CVE-2017-9035 and CVE-2017-9034, are related to updates. The issue is that ServerProtect communicates with update servers over HTTP (not HTTPS) which allow a man-in-the-middle (MITM) attacker to monitor the connection and manipulate data.
Affected version:
ServerProtect for Linux – Version 3.0
Trend Micro has released the following update to fix the issues:
ServerProtect for Linux Version 3.0 CP 1531*
However, even though an exploit may need some specific situations to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible.