[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    FW: Possible Security Flaw in Trend Micro's InterScan FTP Proxy
From:       sylviam <sylvia () SD ! CO ! ZA>
Date:       1999-06-24 8:22:50
[Download RAW message or body]

FOR YOUR INFORMATION ONLY

Herewith response from Trend Micro re message received from Karl C. on
behalf of Lherisson dated Monday 14 June 1999.

SYLVIA
sylvia@sd.co.za

-----Original Message-----
From: Paullin Lin [mailto:Paullin_Lin@trend.com.tw]
Sent: Wednesday, June 16, 1999 6:25 AM
To: 'sylvia@sd.co.za'
Subject: FW: Possible Security Flaw in Trend Micro's InterScan FTP Proxy


Dear Sylvia,

Following is the comment from our PM, for your reference.

Best Regards
Paullin

-----Original Message-----
From: Mark Shih
Sent: Tuesday, June 15, 1999 7:10 PM
To: Paullin Lin
Subject: RE: Possible Security Flaw in Trend Micro's InterScan FTP Proxy


The InterScan FTP stand alone mode is expecting the firewall to do the IP
filter for the security concern.

Mark

-----Original Message-----
From: Paullin Lin
Sent: Tuesday, June 15, 1999 3:53 PM
To: Mark Shih
Subject: FW: Possible Security Flaw in Trend Micro's InterScan FTP Proxy
Importance: High


Dear Mark,

As Anthony is out of office, can I have your comments on this?  Thanks.

Best Regards
Paullin

-----Original Message-----
From: sylviam [mailto:sylvia@sd.co.za]
Sent: Tuesday, June 15, 1999 3:17 PM
To: Paullin_Lin@trend.com.tw
Cc: imelamed@iafrica.com
Subject: FW: Possible Security Flaw in Trend Micro's InterScan FTP Proxy
Importance: High



Dear Paullin

Any comments?

SYLVIA
sylvia@sd.co.za


-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ@netspace.org] On Behalf Of Lherisson,
Karl C.
Sent: Monday, June 14, 1999 11:47 PM
To: BUGTRAQ@netspace.org
Subject: Possible Security Flaw in Trend Micro's InterScan FTP Proxy


Hi my name is Karl C. Lherisson a network consultant at a securities
firm.
I am writing to inform you that I recently purchased Trend Micro's
InterScan product for its ability to scan email for viruses and to
prevent SPAM from being relayed of our SMTP server.  I also decided to
look into the FTP proxy feature that is included but I found a possible
security hole in the product.  When using InterScan version 3.0 as a
stand alone proxy there is no way to limit who can have access to the
FTP proxy.  Unlike the SMTP portion, where one can specify valid source
IP addresses that are able to relay mail, anyone on the Internet who
knows the IP address of the InterScan FTP proxy can use it to log onto
another network and basically hide their identity.

So if I were a "hacker" and I wanted to launch an FTP attack on lets say

COMPANY A, and I know there is a Trend Micro InterScan FTP Proxy server
at
COMPANY B, well I would login to COMPANY B proxy server and then connect
to
COMPANY A.  What makes matters worse is that InterScan 3.0 does not keep
a
log of FTP connections (basically making the hacker anonymous), and the
software will perform the job of checking the hacker's files for
viruses.
Additionally, if COMPANY A found out that they were infiltrated in some
way,
it would appear that it originated from COMPANY B.

Fortunately, the FTP Proxy Server can be disabled but this kills 1/3
of the product functionality.

-
Karl C. Lherisson
karl@northstar.com
Network Consultant

[prev in list] [next in list] [prev in thread] [next in thread]